Some specific points that I learned from this book:
- There are (at least) three flavors of fuzzing: 1) File fuzzing - where you create malformed files used by the application; 2) Network fuzzing - where network traffic used by the application is malformed and sent; and 3) Library fuzzing - calling libraries directly with malformed input.
- The more you know about the workings of the application, the better you can tune your fuzzer to generate malformed data.
- The more you know about assembler, compilers, bytecode, and TCP/IP, the better. These are the building blocks for fuzzing.
It's possible to run many of these tools, such as wsfuzzer, without a deep understanding of the application and the underlying technologies, but the more you know, the better you are able to understand the output and take appropriate action.