Attack vectors are the parts of a web application where a fuzzer can inject malformed or semi-malformed data. In a web application, fuzzing can target the following parts of the HTTP exchange:
- HTTP request verbs
- HTTP request URIs
- HTTP request headers
- HTTP POST data
- Older versions of the HTTP protocol
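As an added example (not part of the original text), the Python code below splits a raw HTTP request into the sections listed above, so the input surface a fuzzer would vary, and that server-side validation has to cover, can be enumerated per request. The sample request, the host `app.example` and the names `split_request` and `surface` are constructed for this example.

```python
from dataclasses import dataclass, field

@dataclass
class InjectionPoints:
    verb: str
    uri: str
    version: str
    headers: list = field(default_factory=list)  # (name, value); order and duplicates kept
    post_data: bytes = b""

def split_request(raw: bytes) -> InjectionPoints:
    """Split a raw HTTP request into the sections a fuzzer can target."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) == 3:
        verb, uri, version = parts
    elif len(parts) == 2:
        # A request line without a version token is an HTTP/0.9 simple request.
        verb, uri = parts
        version = "HTTP/0.9"
    else:
        raise ValueError(f"malformed request line: {lines[0]!r}")
    headers = []
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"malformed header line: {line!r}")
        headers.append((name, value.strip()))
    return InjectionPoints(verb, uri, version, headers, body)

def surface(p: InjectionPoints) -> list:
    """List (section, field) pairs for every part of the request that carries input."""
    out = [("HTTP request verb", p.verb),
           ("HTTP request URI", p.uri),
           ("HTTP protocol version", p.version)]
    out += [("HTTP request header", name) for name, _ in p.headers]
    if p.post_data:
        out.append(("HTTP POST data", f"{len(p.post_data)} bytes"))
    return out

# Constructed sample request (not captured traffic).
SAMPLE = (b"POST /login?next=%2Fhome HTTP/1.1\r\n"
          b"Host: app.example\r\n"
          b"Content-Type: application/x-www-form-urlencoded\r\n"
          b"Content-Length: 27\r\n\r\n"
          b"username=alice&password=pw1")

if __name__ == "__main__":
    for section, label in surface(split_request(SAMPLE)):
        print(f"{section:24} {label}")
```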
Let's try to understand each section and all the fuzz vectors we can use for web application fuzzing.