What is Zero day ? Zero-day attacks occur during thevulnerability window that exists in thetime between when a vulnerability is firstexploited and when software developersstart to develop a counter to that threat Source : wikipedia
What is Fuzzing ?Fuzzing is a software testing technique, often automated or semi-automated, that involves providing invalid, unexpected, orrandom data to the inputs of a computer program. The programis then monitored for exceptions such as crashes, or failing built-in code assertions or for finding potential memory leaks. Fuzzingis commonly used to test for security problems in software orcomputer systems.
What exactly it is ?1. No Rules for fuzzing2. No guarantee for fuzzing
Further Reading. OWASP Testing Guide. OWASP Development Guide. OWASP.org
So you know now* what is a zero day ?* what is the methodology used ?* Information gathering of the application or product* Discovered or previous vulnerabilities of product* Study the architecture of product
* Identify the input points* Source code review* Source code review (one demo) demo of RIPS and grep* Fuzzing* Fuzzing (one demo) demo of JBroFuzz* Tools used for code review and Fuzzing