Open Source Fuzzing Tools

By: Gadi Evron, Noam Rathaus

Write A Review

Paperback | 14 December 2007

At a Glance

Paperback
210 Pages

Dimensions(cm)
22.86 x 19.68 x 1.91

Paperback

RRP $114.95

$102.75

11%OFF

or 4 interest-free payments of $25.69 with

Ships in 5 to 7 business days

Fuzzing is often described as a "black box? software testing technique. It works by automatically feeding a program multiple input iterations in an attempt to trigger an internal error indicative of a bug, and potentially crash it. Such program errors and crashes are indicative of the existence of a security vulnerability, which can later be researched and fixed.

Fuzz testing is now making a transition from a hacker-grown tool to a commercial-grade product. There are many different types of applications that can be fuzzed, many different ways they can be fuzzed, and a variety of different problems that can be uncovered. There are also problems that arise during fuzzing; when is enough enough? These issues and many others are fully explored.

Fuzzing is a fast-growing field with increasing commercial interest (7 vendors unveiled fuzzing products last year).
Vendors today are looking for solutions to the ever increasing threat of vulnerabilities. Fuzzing looks for these vulnerabilities automatically, before they are known, and eliminates them before release.
Software developers face an increasing demand to produce secure applications---and they are looking for any information to help them do that.

Shipping

	Standard Shipping	Express Shipping
Metro postcodes:	$9.99	$14.95
Regional postcodes:	$9.99	$14.95
Rural postcodes:	$9.99	$14.95

Orders over $89.00 qualify for free shipping.

How to return your order

At Booktopia, we offer hassle-free returns in accordance with our returns policy. If you wish to return an item, please get in touch with Booktopia Customer Care.

Additional postage charges may be applicable.

Defective items

If there is a problem with any of the items received for your order then the Booktopia Customer Care team is ready to assist you.

For more info please visit our Help Centre.

You Can Find This Book In

Non-Fiction Computing & I.T.Computer Programming & Software Development Software Engineering Software Testing & Verification Engineering & Technology Technology in General Computer Security Data Encryption

Introduction to Vulnerability Research	p. 1
Statement of Scope	p. 2
Off-by-One Errors	p. 3
Programming Language Use Errors	p. 5
Integer Overflows	p. 5
Bugs and Vulnerabilities	p. 7
The Vaunted Buffer Overflow	p. 7
Finding Bugs and Vulnerabilities	p. 9
Source Code Review	p. 9
Black Box Testing	p. 10
Glass Box Testing	p. 10
Fuzzing-What's That?	p. 11
Introduction	p. 12
Introduction to Fuzzing	p. 12
Milestones in Fuzzing	p. 14
Fuzzing Technology	p. 16
Traffic Sniffing	p. 18
Prepared Template	p. 19
Second-Generation Fuzzing	p. 19
File Fuzzing	p. 22
Host-side Monitoring	p. 22
Vulnerability Scanners as Fuzzers	p. 22
Uses of Fuzzing	p. 23
Open Source Fuzzers	p. 24
Commercial-Grade Fuzzers	p. 24
What Comes Next	p. 25
The Software Development Life Cycle	p. 25
Building a Fuzzing Environment	p. 27
Introduction	p. 28
Knowing What to Ask	p. 28
Basic Tools and Setup	p. 34
Data Points	p. 34
Crash Dumps	p. 34
Fuzzer Output	p. 36
Debuggers	p. 37
Recon Tools	p. 40
Linux	p. 41
OSX	p. 42
Summary	p. 44
Open Source Fuzzing Tools	p. 45
Introduction	p. 46
Frameworks	p. 46
Special-Purpose Tools	p. 48
General-Purpose Tools	p. 52
Commercial Fuzzing Solutions	p. 55
Introduction	p. 56
Build Your Own Fuzzer	p. 67
Hold Your Horses	p. 68
Fuzzer Building Blocks	p. 70
One or More Valid Data Sets	p. 70
Understanding What Each Bytein the Data Set Means	p. 71
Change the Values of the Data Sets While Maintaining the Integrity ofthe Data Being Sent	p. 72
Recreate the Same Malformed DataSet Time and Time Again	p. 72
An Arsenal of Malformed Values, or the Abilityto Create a Variety of Malformed Outputs	p. 73
Maintain a Form of a State Machine	p. 74
Summarize	p. 75
Down to Business	p. 75
Simplest Fuzz Testing Find Issues	p. 88
Integration of Fuzzing in the Development Cycle	p. 91
Introduction	p. 92
Why Is Fuzzing Important to Include in a Software Development Cycle?	p. 93
Security Testing Workload	p. 93
Setting Expectations for Fuzzers in a Software Development Lifecycle	p. 101
Fuzzing as a Panacea	p. 101
Fuzzing Tools versus	p. 103
Setting the Plan for Implementing Fuzzers into a Software Development Lifecycle	p. 103
Setting Goals	p. 104
Building and Executing on the Plan	p. 111
Understanding How to Increase Effectiveness of Fuzzers, and Avoiding Any Big Gotchas	p. 115
Hidden Costs	p. 116
Finding More Vulnerabilities	p. 119
Summary	p. 126
Solutions Fast Track	p. 126
Frequently Asked Questions	p. 130
Standardization and Certification	p. 133
Fuzzing and the Corporate Environment	p. 134
Software Security Testing, the Challenges	p. 134
Testing for Security	p. 135
Fuzzing as a Viable Option	p. 137
Business Pressure	p. 138
Software Security Certification	p. 139
Meeting Standards and Compliance	p. 139
Tester Certification	p. 140
Industry Pressure	p. 140
Antivirus Product Testing and Certification	p. 140
What Is a File?	p. 143
Introduction	p. 144
Are File Fuzzers Special?	p. 145
Analyzing and Building Files	p. 149
Textual Files	p. 150
Binary Files	p. 151
Running the Test	p. 156
Monitoring the Application with the Test Cases	p. 161
Code Coverage and Fuzzing	p. 163
Introduction	p. 164
Code Coverage	p. 164
Obtaining Code Coverage	p. 167
Instrumenting the Binary	p. 167
Monitoring a Closed Source Application	p. 169
Improving Fuzzing with Code Coverage	p. 171
Manual Improvements	p. 174
Dynamically Generating Code Coverage Improvements	p. 181
Statically Generating Code Coverage	p. 185
Weaknesses of Code Coverage	p. 188
Summary	p. 190
Solutions Fast Track	p. 190
Frequently Asked Questions	p. 192
Index	p. 193
Table of Contents provided by Ingram. All Rights Reserved.

Open Source Fuzzing Tools

At a Glance

Paperback

Shipping

How to return your order

Defective items

You Can Find This Book In

More in Technology in General

Brave New Wild

Can Technology Really Save the Planet?

Thing Explainer

Complicated Stuff in Simple Words

If Anyone Builds It, Everyone Dies

The Case Against Superintelligent AI

Apple

The First 50 Years

Good to Great

Why Some Companies Make the Leap... And Others Don't

The Accidental Architect

How I Built an AI-Powered IT Operation with No Code, No Budget, and No Idea What I Was Doing

Materials, Circuits and Devices

Volume 2: Volume 2

Foundations of High Performance Computing

A Comprehensive Guide to Systems, Concepts, and Programming

Artificial Religion

On AI, Myth, and Power

AI and Data Science in Medical Research

New Developments and Advances

Human Spoken Interaction as a Complex Adaptive System

A Longitudinal Study of L2 Interaction

Sustainable Uses of Aromatic Plants in Nanotechnology

Smart Nanomaterials Technology

Proceedings of the 9th International Conference on Recent Advances in Material Chemistry

Springer Proceedings in Materials

Requirements Practice in Conceptual Design

A Practical Guide, Second Edition

Seismic Response Analysis Methods for Site-Structure Systems

Woodhead Publishing Series in Civil and Structural Engineering

The Aircraft Book

The Definitive Visual History

Engineering Drawing + Sketchbook

8th Edition

Indistractable

How to Control Your Attention and Choose Your Life

The Design of Everyday Things

Revised and Expanded Edition

Astronomy for Curious Kids

An illustrated introduction to the solar system, our galaxy, space travel-and more!

The Coming Wave

AI, Power and the 21st Century's Greatest Dilemma

Introduction to Industrial Engineering

Kalman Filtering

Theory and Application

Power Systems

Dynamic Estimation and Control

This product is categorised by