Open Source Fuzzing Tools

By: Gadi Evron, Noam Rathaus

Write A Review

Paperback | 14 December 2007

At a Glance

Paperback
210 Pages

Dimensions(cm)
22.86 x 19.68 x 1.91

Paperback

RRP $104.95

$95.75

or 4 interest-free payments of $23.94 with

Ships in 5 to 7 business days

Fuzzing is often described as a "black box? software testing technique. It works by automatically feeding a program multiple input iterations in an attempt to trigger an internal error indicative of a bug, and potentially crash it. Such program errors and crashes are indicative of the existence of a security vulnerability, which can later be researched and fixed.

Fuzz testing is now making a transition from a hacker-grown tool to a commercial-grade product. There are many different types of applications that can be fuzzed, many different ways they can be fuzzed, and a variety of different problems that can be uncovered. There are also problems that arise during fuzzing; when is enough enough? These issues and many others are fully explored.

Fuzzing is a fast-growing field with increasing commercial interest (7 vendors unveiled fuzzing products last year).
Vendors today are looking for solutions to the ever increasing threat of vulnerabilities. Fuzzing looks for these vulnerabilities automatically, before they are known, and eliminates them before release.
Software developers face an increasing demand to produce secure applications---and they are looking for any information to help them do that.

Shipping

	Standard Shipping	Express Shipping
Metro postcodes:	$9.99	$14.95
Regional postcodes:	$9.99	$14.95
Rural postcodes:	$9.99	$14.95

Orders over $0.00 qualify for free shipping.

How to return your order

At Booktopia, we offer hassle-free returns in accordance with our returns policy. If you wish to return an item, please get in touch with Booktopia Customer Care.

Additional postage charges may be applicable.

Defective items

If there is a problem with any of the items received for your order then the Booktopia Customer Care team is ready to assist you.

For more info please visit our Help Centre.

You Can Find This Book In

Non-Fiction Computing & I.T.Computer Programming & Software Development Software Engineering Software Testing & Verification Engineering & Technology Technology in General Computer Security Data Encryption

Introduction to Vulnerability Research	p. 1
Statement of Scope	p. 2
Off-by-One Errors	p. 3
Programming Language Use Errors	p. 5
Integer Overflows	p. 5
Bugs and Vulnerabilities	p. 7
The Vaunted Buffer Overflow	p. 7
Finding Bugs and Vulnerabilities	p. 9
Source Code Review	p. 9
Black Box Testing	p. 10
Glass Box Testing	p. 10
Fuzzing-What's That?	p. 11
Introduction	p. 12
Introduction to Fuzzing	p. 12
Milestones in Fuzzing	p. 14
Fuzzing Technology	p. 16
Traffic Sniffing	p. 18
Prepared Template	p. 19
Second-Generation Fuzzing	p. 19
File Fuzzing	p. 22
Host-side Monitoring	p. 22
Vulnerability Scanners as Fuzzers	p. 22
Uses of Fuzzing	p. 23
Open Source Fuzzers	p. 24
Commercial-Grade Fuzzers	p. 24
What Comes Next	p. 25
The Software Development Life Cycle	p. 25
Building a Fuzzing Environment	p. 27
Introduction	p. 28
Knowing What to Ask	p. 28
Basic Tools and Setup	p. 34
Data Points	p. 34
Crash Dumps	p. 34
Fuzzer Output	p. 36
Debuggers	p. 37
Recon Tools	p. 40
Linux	p. 41
OSX	p. 42
Summary	p. 44
Open Source Fuzzing Tools	p. 45
Introduction	p. 46
Frameworks	p. 46
Special-Purpose Tools	p. 48
General-Purpose Tools	p. 52
Commercial Fuzzing Solutions	p. 55
Introduction	p. 56
Build Your Own Fuzzer	p. 67
Hold Your Horses	p. 68
Fuzzer Building Blocks	p. 70
One or More Valid Data Sets	p. 70
Understanding What Each Bytein the Data Set Means	p. 71
Change the Values of the Data Sets While Maintaining the Integrity ofthe Data Being Sent	p. 72
Recreate the Same Malformed DataSet Time and Time Again	p. 72
An Arsenal of Malformed Values, or the Abilityto Create a Variety of Malformed Outputs	p. 73
Maintain a Form of a State Machine	p. 74
Summarize	p. 75
Down to Business	p. 75
Simplest Fuzz Testing Find Issues	p. 88
Integration of Fuzzing in the Development Cycle	p. 91
Introduction	p. 92
Why Is Fuzzing Important to Include in a Software Development Cycle?	p. 93
Security Testing Workload	p. 93
Setting Expectations for Fuzzers in a Software Development Lifecycle	p. 101
Fuzzing as a Panacea	p. 101
Fuzzing Tools versus	p. 103
Setting the Plan for Implementing Fuzzers into a Software Development Lifecycle	p. 103
Setting Goals	p. 104
Building and Executing on the Plan	p. 111
Understanding How to Increase Effectiveness of Fuzzers, and Avoiding Any Big Gotchas	p. 115
Hidden Costs	p. 116
Finding More Vulnerabilities	p. 119
Summary	p. 126
Solutions Fast Track	p. 126
Frequently Asked Questions	p. 130
Standardization and Certification	p. 133
Fuzzing and the Corporate Environment	p. 134
Software Security Testing, the Challenges	p. 134
Testing for Security	p. 135
Fuzzing as a Viable Option	p. 137
Business Pressure	p. 138
Software Security Certification	p. 139
Meeting Standards and Compliance	p. 139
Tester Certification	p. 140
Industry Pressure	p. 140
Antivirus Product Testing and Certification	p. 140
What Is a File?	p. 143
Introduction	p. 144
Are File Fuzzers Special?	p. 145
Analyzing and Building Files	p. 149
Textual Files	p. 150
Binary Files	p. 151
Running the Test	p. 156
Monitoring the Application with the Test Cases	p. 161
Code Coverage and Fuzzing	p. 163
Introduction	p. 164
Code Coverage	p. 164
Obtaining Code Coverage	p. 167
Instrumenting the Binary	p. 167
Monitoring a Closed Source Application	p. 169
Improving Fuzzing with Code Coverage	p. 171
Manual Improvements	p. 174
Dynamically Generating Code Coverage Improvements	p. 181
Statically Generating Code Coverage	p. 185
Weaknesses of Code Coverage	p. 188
Summary	p. 190
Solutions Fast Track	p. 190
Frequently Asked Questions	p. 192
Index	p. 193
Table of Contents provided by Ingram. All Rights Reserved.

Open Source Fuzzing Tools

At a Glance

Paperback

Shipping

How to return your order

Defective items

You Can Find This Book In

More in Technology in General

Nelson Product Design and Technologies VCE Units 1-4

5th Edition - Student Book

Technologies for Children

3rd Edition

Mathematics for Technicians

7th Edition

Modern Engineering Mathematics

6th Edition

The Design of Everyday Things

Revised and Expanded Edition

Google Cloud Certified Cloud Digital Leader Study Guide

Sybex Study Guide

Organic-Inorganic Hybrid Nanomaterials

Energy Harvesting, Storage, and Advanced Applications

Biodeterioration of Historic Parks of the UK by Algae, Fungi, Lichens, Mosses, and Vascular Plants

Application of Ergonomics in Politics

A Layperson's Approach

Digital Fashion

Artificial Intelligence, Virtual, and Other Emerging Applications

Digital Fashion

Artificial Intelligence, Virtual, and Other Emerging Applications

The AI Con

How To Fight Big Tech's Hype and Create the Future We Want

AI for Business

A Guide to AI Adoption

Surface Modifications of Nanomaterials for Energy, Environmental and Biomedical Applications

Micro & Nano Technologies

AI and Data Science in Healthcare 5.0

Medical Robots and Devices: New Developments and Advances

Principles of Modern Grinding Technology

Metal and metal oxide nanoparticles in textile applications

The Textile Institute Book Series

Industrial Applications of Functionalized Magnetic Nanoparticles

Micro & Nano Technologies

Biofuel Perspectives

Methanol and Ethanol in Combustion Engines from Production to Practical Application

Green and Sustainable Synthesis of Iron Oxide-Based Nanomaterials for Energy and Environmental Applications

Metal Oxides

Metamaterials and Metasurfaces, Second Edition

Foundations, Trends and Applications

Whitfield's Electrical Craft Principles, 6th edition

Volume 2: Volume 2

The C Programming Language

Prentice Hall Software

The Singularity is Nearer

When We Merge with AI

This product is categorised by