Google touts Flayer fuzzing tool
Search giant Google continues to make a big splash on the security front, inviting visitors to the Google Online Security Blog to try out Flayer, its new fuzzing tool.
Says “At WOOT’07 I presented a paper on Flayer, a tool we developed internally to augment our security testing efforts. In particular, it allows for a fuzz testing technique that compromises between the original idea and the most complicated. Flayer makes it possible to remove input sanity checks at execution time. With the small investment of identifying these checks, Flayer allows for completely random testing to be performed with much higher efficacy. Already, we’ve uncovered multiple vulnerabilities in Internet-critical software using this approach.”
While Flayer is still in its early stages, he says it’s fully functional and available for download under the GNU Public License. He says external contributions and feedback are encouraged.
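To illustrate why removing input sanity checks makes random testing more effective, the following added example (not Flayer's code and not from the original post) fuzzes a constructed toy parser with and without its magic-number and checksum checks. The `skip_checks` flag is only a stand-in for what the post says Flayer does at execution time; the format, function names and values are assumptions made for the illustration.

```python
import random
import zlib

MAGIC = b"FLY1"  # constructed magic value for a toy file format

def make_valid(body: bytes) -> bytes:
    """Build a well-formed input: magic, CRC32 of the body, then the body."""
    return MAGIC + zlib.crc32(body).to_bytes(4, "big") + body

def parse(data: bytes, skip_checks: bool = False) -> str:
    """Return the deepest stage reached. skip_checks is a stand-in for
    forcing the two sanity-check branches at execution time."""
    if len(data) < 9:
        return "too_short"
    magic, crc, body = data[:4], data[4:8], data[8:]
    if not skip_checks and magic != MAGIC:
        return "bad_magic"
    if not skip_checks and int.from_bytes(crc, "big") != zlib.crc32(body):
        return "bad_checksum"
    # Code behind the checks: the part random testing needs to exercise.
    declared_len = body[0]
    if declared_len > len(body) - 1:
        return "length_overrun"  # inconsistent length field handled here
    return "record_ok"

def fuzz(trials: int, skip_checks: bool, seed: int = 1) -> dict:
    """Feed random byte strings to parse() and count the stages reached."""
    rng = random.Random(seed)
    reached = {}
    for _ in range(trials):
        size = rng.randint(9, 32)
        data = bytes(rng.getrandbits(8) for _ in range(size))
        stage = parse(data, skip_checks)
        reached[stage] = reached.get(stage, 0) + 1
    return reached

if __name__ == "__main__":
    print("checks intact  :", fuzz(2000, skip_checks=False))
    print("checks bypassed:", fuzz(2000, skip_checks=True))
    print("valid input    :", parse(make_valid(b"\x02hi")))
```

With the checks intact, every random input stops at the magic comparison; with them bypassed, the same random inputs reach the length handling. A finding made with the checks bypassed still has to be reproduced with a well-formed input (here, one built by `make_valid`) before it counts against the unmodified parser.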
Google isn’t the only one to make new contributions to the fuzzing community.
Pedram Amini, head of TippingPoint’s security research group, has been busy with colleague Aaron Portnoy touting a fuzzing tool called the Sulley framework. He also co-wrote the recently released book “Fuzzing: Brute Force Vulnerability Discovery” with Michael Sutton and Adam Greene.
You can read more about Amini’s efforts in our recent Q&A feature.
Posted: September 18th, 2007 under Application Security, Security Management.