Creating a Fuzz Target

Once the initialization process is complete, indicated by a check mark before the “Initialize Project” sidebar item, a fuzz test can be created. In order to create a fuzz test for a Spring Boot application, go to the sidebar menu in the dashboard and click on the “Add Fuzz Test” button.

From the list, choose to create a Java Web App Fuzz Test

select springboot

After Selecting it you will be forwarded to the second step, where you can name the new Fuzz Test and specify which endpoints you want to test. In case your Project builds multiple applications (Webgoat actually builds two) you can select the application you’re interested in testing.

Per default, the automatically generated fuzz test will test all the endpoints it detected during the initialization phase. If you’re more interested in testing selected endpoints, you can filter and select the endpoints to test.

For this example we are going to focus on the “/challenge/5” endpoint and call the new fuzz test “FuzzChallenge5”. Deselect all the controllers using the button “Deselect all” then search for the controller /challenge/5, and select it. See the image below.

