Open Source Fuzzing Tools

By: Gadi Evron, Noam Rathaus

Write A Review

Paperback | 14 December 2007

At a Glance

Paperback
210 Pages

Dimensions(cm)
22.86 x 19.68 x 1.91

Paperback

RRP $104.95

$95.75

or 4 interest-free payments of $23.94 with

Ships in 5 to 7 business days

Fuzzing is often described as a "black box? software testing technique. It works by automatically feeding a program multiple input iterations in an attempt to trigger an internal error indicative of a bug, and potentially crash it. Such program errors and crashes are indicative of the existence of a security vulnerability, which can later be researched and fixed.

Fuzz testing is now making a transition from a hacker-grown tool to a commercial-grade product. There are many different types of applications that can be fuzzed, many different ways they can be fuzzed, and a variety of different problems that can be uncovered. There are also problems that arise during fuzzing; when is enough enough? These issues and many others are fully explored.

Fuzzing is a fast-growing field with increasing commercial interest (7 vendors unveiled fuzzing products last year).
Vendors today are looking for solutions to the ever increasing threat of vulnerabilities. Fuzzing looks for these vulnerabilities automatically, before they are known, and eliminates them before release.
Software developers face an increasing demand to produce secure applications---and they are looking for any information to help them do that.

Shipping

	Standard Shipping	Express Shipping
Metro postcodes:	$9.99	$14.95
Regional postcodes:	$9.99	$14.95
Rural postcodes:	$9.99	$14.95

Orders over $79.00 qualify for free shipping.

How to return your order

At Booktopia, we offer hassle-free returns in accordance with our returns policy. If you wish to return an item, please get in touch with Booktopia Customer Care.

Additional postage charges may be applicable.

Defective items

If there is a problem with any of the items received for your order then the Booktopia Customer Care team is ready to assist you.

For more info please visit our Help Centre.

You Can Find This Book In

Non-Fiction Computing & I.T.Computer Programming & Software Development Software Engineering Software Testing & Verification Engineering & Technology Technology in General Computer Security Data Encryption

Introduction to Vulnerability Research	p. 1
Statement of Scope	p. 2
Off-by-One Errors	p. 3
Programming Language Use Errors	p. 5
Integer Overflows	p. 5
Bugs and Vulnerabilities	p. 7
The Vaunted Buffer Overflow	p. 7
Finding Bugs and Vulnerabilities	p. 9
Source Code Review	p. 9
Black Box Testing	p. 10
Glass Box Testing	p. 10
Fuzzing-What's That?	p. 11
Introduction	p. 12
Introduction to Fuzzing	p. 12
Milestones in Fuzzing	p. 14
Fuzzing Technology	p. 16
Traffic Sniffing	p. 18
Prepared Template	p. 19
Second-Generation Fuzzing	p. 19
File Fuzzing	p. 22
Host-side Monitoring	p. 22
Vulnerability Scanners as Fuzzers	p. 22
Uses of Fuzzing	p. 23
Open Source Fuzzers	p. 24
Commercial-Grade Fuzzers	p. 24
What Comes Next	p. 25
The Software Development Life Cycle	p. 25
Building a Fuzzing Environment	p. 27
Introduction	p. 28
Knowing What to Ask	p. 28
Basic Tools and Setup	p. 34
Data Points	p. 34
Crash Dumps	p. 34
Fuzzer Output	p. 36
Debuggers	p. 37
Recon Tools	p. 40
Linux	p. 41
OSX	p. 42
Summary	p. 44
Open Source Fuzzing Tools	p. 45
Introduction	p. 46
Frameworks	p. 46
Special-Purpose Tools	p. 48
General-Purpose Tools	p. 52
Commercial Fuzzing Solutions	p. 55
Introduction	p. 56
Build Your Own Fuzzer	p. 67
Hold Your Horses	p. 68
Fuzzer Building Blocks	p. 70
One or More Valid Data Sets	p. 70
Understanding What Each Bytein the Data Set Means	p. 71
Change the Values of the Data Sets While Maintaining the Integrity ofthe Data Being Sent	p. 72
Recreate the Same Malformed DataSet Time and Time Again	p. 72
An Arsenal of Malformed Values, or the Abilityto Create a Variety of Malformed Outputs	p. 73
Maintain a Form of a State Machine	p. 74
Summarize	p. 75
Down to Business	p. 75
Simplest Fuzz Testing Find Issues	p. 88
Integration of Fuzzing in the Development Cycle	p. 91
Introduction	p. 92
Why Is Fuzzing Important to Include in a Software Development Cycle?	p. 93
Security Testing Workload	p. 93
Setting Expectations for Fuzzers in a Software Development Lifecycle	p. 101
Fuzzing as a Panacea	p. 101
Fuzzing Tools versus	p. 103
Setting the Plan for Implementing Fuzzers into a Software Development Lifecycle	p. 103
Setting Goals	p. 104
Building and Executing on the Plan	p. 111
Understanding How to Increase Effectiveness of Fuzzers, and Avoiding Any Big Gotchas	p. 115
Hidden Costs	p. 116
Finding More Vulnerabilities	p. 119
Summary	p. 126
Solutions Fast Track	p. 126
Frequently Asked Questions	p. 130
Standardization and Certification	p. 133
Fuzzing and the Corporate Environment	p. 134
Software Security Testing, the Challenges	p. 134
Testing for Security	p. 135
Fuzzing as a Viable Option	p. 137
Business Pressure	p. 138
Software Security Certification	p. 139
Meeting Standards and Compliance	p. 139
Tester Certification	p. 140
Industry Pressure	p. 140
Antivirus Product Testing and Certification	p. 140
What Is a File?	p. 143
Introduction	p. 144
Are File Fuzzers Special?	p. 145
Analyzing and Building Files	p. 149
Textual Files	p. 150
Binary Files	p. 151
Running the Test	p. 156
Monitoring the Application with the Test Cases	p. 161
Code Coverage and Fuzzing	p. 163
Introduction	p. 164
Code Coverage	p. 164
Obtaining Code Coverage	p. 167
Instrumenting the Binary	p. 167
Monitoring a Closed Source Application	p. 169
Improving Fuzzing with Code Coverage	p. 171
Manual Improvements	p. 174
Dynamically Generating Code Coverage Improvements	p. 181
Statically Generating Code Coverage	p. 185
Weaknesses of Code Coverage	p. 188
Summary	p. 190
Solutions Fast Track	p. 190
Frequently Asked Questions	p. 192
Index	p. 193
Table of Contents provided by Ingram. All Rights Reserved.

Open Source Fuzzing Tools

At a Glance

Paperback

Shipping

How to return your order

Defective items

You Can Find This Book In

More in Technology in General

Breakneck

China's Quest to Engineer the Future

The C Programming Language

Prentice Hall Software

The Design of Everyday Things

Revised and Expanded Edition

Astronomy for Curious Kids

An illustrated introduction to the solar system, our galaxy, space travel-and more!

The Thinking Machine

Jensen Huang, Nvidia, and the World's Most Coveted Microchip

First Knowledges Innovation

Knowledge and Ingenuity

Thing Explainer

Complicated Stuff in Simple Words

The AI Con

How To Fight Big Tech's Hype and Create the Future We Want

Gilded Rage

Elon Musk and the Radicalization of Silicon Valley

Good to Great

Why Some Companies Make the Leap... And Others Don't

Concise Encyclopedia of Poultry Breeds

Epic Disruptions

11 Innovations That Shaped Our Modern World

How to Invent Everything

Rebuild All of Civilization (with 96% fewer catastrophes this time)

"Surely You're Joking, Mr. Feynman!"

Adventures of a Curious Character

Exactly

How Precision Engineers Created the Modern World

Longitude

Computer Technology for Curious Kids

An illustrated introduction to software programming, artificial intelligence, cyber-security-and more!

3D Printed Conducting Polymers

Fundamentals, Advances, and Challenges

Additive Manufacturing for Advance Applications

Technologies, Challenges and Case Studies

Advanced Two-Dimensional Material-Based Heterostructures in Sustainable Energy Storage Devices

Advances in Pre- and Post-Additive Manufacturing Processes

Innovations and Applications

Advances in Sewn Product Technology

Artificial Intelligence of Things (AIoT)

New Standards, Technologies and Communication Systems

Carbon Nanotube-Based Sensors

Fabrication, Characterization, and Implementation

This product is categorised by