Automated Fuzzing Tool for Testing Web Application Security
by Kavita Rathi, Pooja Dahiya, Shalini Bhadola
Published: July 7, 2026 • DOI: 10.51244/IJRSI.2026.1306000306
Abstract
The importance of Web Application Security grows daily as more organizations are threatened and attacked by cyber criminals. With the growing threat from cyber criminals, performing security testing to identify vulnerabilities in web systems is critical. Of all security testing techniques, fuzz testing is perhaps the best technique available today. Fuzz testing involves injecting input into a target application, including malformed, unexpected, or random data to see how it reacts when it receives bad data. In the case of web applications, fuzz testing is done by sending numerous HTTP requests (each request contains different forms of crafted or invalid data) to a web server to measure the response generated by the server.
This study will create an Automated Web Application Fuzzer which will be integrated with Jenkins so that continuous security testing of Web Applications can occur. Test cases were created using known security vulnerabilities within web applications. Testing revealed that the automation tool found vulnerabilities in thirteen (13) out of fifteen (15) test cases. Therefore, testing reveals that the majority of web vulnerabilities can be easily identified simply by reviewing the content of HTTP responses, thereby validating the effectiveness of the proposed automated web application fuzzing methodology