Fuzzers are a tool that we’ve found incredibly valuable in the past, and continue to employ heavily. A fuzzer’s job is to make your application fail by feeding it surprising inputs. The good ones do this by knowing a part of your code well enough that they can make smart guesses about how to confuse it. This one, for instance, produces a constant stream of mostly-correct CSS rules, and watches to see whether the browser can cope with them. Because fuzzers take these random paths, they can uncover subtle bugs that are rarely encountered during “normal” testing; and Jesse is a master at building them.

When Jesse originally started talking about his javascript fuzzer, he gave it to other browser vendors first, and he’s done the same with this one. If you’re interested in automated security analysis tools though, he’s now made it public, and I recommend checking it out.

Johnathan Nightingale
Human Shield