July 27, 2023
Authorization vulnerabilities such as IDOR are often discovered through fuzzing: a security testing technique in which automated tooling sends large volumes of unexpected or systematically varied input (for example, walking through every object identifier in a URL) to find weaknesses in how a web application validates and processes input. Because attackers use the same technique to find exploitable applications, endpoint defenses should aim to detect fuzzing whether it originates on the protected host or remotely. If a fuzzing tool is launched on a host running an EDR agent, the agent should terminate the process and raise an alert; this is the typical pattern when an adversary with an existing foothold, or an insider, runs the attack from inside the network. If the fuzzing originates outside the perimeter, the EDR on the target server cannot see the attacker's process and must instead recognise the traffic pattern. Fuzzing generates a burst of requests from a single client far above any normal rate, frequently hundreds or thousands of requests per second, and a high share of error responses as guessed identifiers and paths miss; request rate alone is a weak signal (load tests and crawlers also produce bursts), so the rate, the error share and the spread of distinct paths should be evaluated together. A firewall or WAF should also rate-limit or block such bursts, but the EDR should act as the last line of defense.
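The remote-detection case above, as an added example that is not code from the original post: a small detector run over web-server access log lines that flags a client only when, within one sliding time window, it shows a burst of requests, a high ratio of 4xx responses and many distinct paths at once. It assumes Apache/Nginx combined log format; the thresholds (50 requests in 10 seconds, 50% errors, 20 distinct paths) are illustrative, and the log lines, including the IP addresses, are constructed for the example.

```python
"""Rate-and-pattern detector for web fuzzing in access logs.

Added example, not code from the original post. Assumes Apache/Nginx
combined log format; the thresholds and the sample log are constructed
for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Fields of the combined log format we need: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return {ip, ts, path, status} for a combined-format line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def detect_fuzzing(lines, window_seconds=10, min_requests=50,
                   min_error_ratio=0.5, min_unique_paths=20):
    """Flag clients whose traffic in any sliding window looks like fuzzing.

    A fuzzer differs from a normal client in three ways at once: a burst of
    requests, a high share of 4xx responses (guessed IDs and paths miss),
    and many distinct paths. All three must hold in the same window, which
    keeps a busy but legitimate client from being flagged on rate alone.
    Returns {ip: stats of the largest qualifying window} per flagged client.
    """
    by_ip = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is not None:
            by_ip[ev["ip"]].append(ev)

    alerts = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most window_seconds.
            while (events[end]["ts"] - events[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            window = events[start:end + 1]
            if len(window) < min_requests:
                continue
            errors = sum(1 for e in window if 400 <= e["status"] < 500)
            unique = {e["path"] for e in window}
            ratio = errors / len(window)
            if ratio < min_error_ratio or len(unique) < min_unique_paths:
                continue
            prev = alerts.get(ip)
            if prev is None or len(window) > prev["requests"]:
                alerts[ip] = {
                    "requests": len(window),
                    "span_seconds": (window[-1]["ts"] - window[0]["ts"]).total_seconds(),
                    "error_ratio": round(ratio, 3),
                    "unique_paths": len(unique),
                    "first_seen": window[0]["ts"].isoformat(),
                }
    return alerts


def build_sample_log():
    """Constructed sample: one IDOR-style fuzzer plus one normal client."""
    base = datetime(2023, 7, 27, 10, 0, 0, tzinfo=timezone.utc)
    lines = []
    # Fuzzer (constructed IP): 60 requests in 5 s walking /api/users/<id>;
    # most guessed IDs do not exist, so the server answers 404.
    for i in range(60):
        ts = (base + timedelta(seconds=i // 12)).strftime(TS_FMT)
        status = 200 if i % 10 == 0 else 404
        lines.append(f'203.0.113.5 - - [{ts}] "GET /api/users/{i} HTTP/1.1" {status} 52')
    # Normal client (constructed IP): a few requests a minute apart, all served.
    for i in range(5):
        ts = (base + timedelta(minutes=i)).strftime(TS_FMT)
        lines.append(f'198.51.100.7 - - [{ts}] "GET /api/users/7 HTTP/1.1" 200 412')
    return lines


SAMPLE_LOG = build_sample_log()

if __name__ == "__main__":
    for ip, stats in detect_fuzzing(SAMPLE_LOG).items():
        print(ip, stats)
```

On the sample log only the fuzzing client is reported, with 60 requests in a 4-second span, a 0.9 error ratio and 60 distinct paths; the normal client never reaches the request threshold. In production the same logic would be fed from the EDR's network or web-log telemetry, and the thresholds tuned against a baseline of the server's real traffic.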