Should we onboard and fuzz our most critical assets first?

Hi there.

Question for you related to process. Should we onboard and fuzz our most critical assets first, or start smaller? Any advice on this?

Thanks,
Dan

This is an important question, and it really depends on your organization’s familiarity with fuzzing. If you are just starting out with fuzzing, it may be easier to get ahold of some of the concepts and procedures by starting with smaller, easier to package and run applications. In general, once you have a process in place for fuzzing, it’s important to apply it to your critical applications first, to uncover any critical vulnerabilities that may be lurking beneath the surface.