Open Source Fuzzing Tools

By: Gadi Evron, Noam Rathaus

Write A Review

Paperback | 14 December 2007

At a Glance

Paperback
212 Pages

Dimensions(cm)
23.5 x 19.05 x 1.14

Paperback

RRP $114.95

$102.75

11%OFF

or 4 interest-free payments of $25.69 with

Ships in 5 to 7 business days

Fuzzing is often described as a "black box? software testing technique. It works by automatically feeding a program multiple input iterations in an attempt to trigger an internal error indicative of a bug, and potentially crash it. Such program errors and crashes are indicative of the existence of a security vulnerability, which can later be researched and fixed.

Fuzz testing is now making a transition from a hacker-grown tool to a commercial-grade product. There are many different types of applications that can be fuzzed, many different ways they can be fuzzed, and a variety of different problems that can be uncovered. There are also problems that arise during fuzzing; when is enough enough? These issues and many others are fully explored.

Fuzzing is a fast-growing field with increasing commercial interest (7 vendors unveiled fuzzing products last year).
Vendors today are looking for solutions to the ever increasing threat of vulnerabilities. Fuzzing looks for these vulnerabilities automatically, before they are known, and eliminates them before release.
Software developers face an increasing demand to produce secure applications---and they are looking for any information to help them do that.

Shipping

	Standard Shipping	Express Shipping
Metro postcodes:	$9.99	$14.95
Regional postcodes:	$9.99	$14.95
Rural postcodes:	$9.99	$14.95

Orders over $89.00 qualify for free shipping.

How to return your order

At Booktopia, we offer hassle-free returns in accordance with our returns policy. If you wish to return an item, please get in touch with Booktopia Customer Care.

Additional postage charges may be applicable.

Defective items

If there is a problem with any of the items received for your order then the Booktopia Customer Care team is ready to assist you.

For more info please visit our Help Centre.

You Can Find This Book In

Non-Fiction Computing & I.T.Computer Programming & Software Development Software Engineering Software Testing & Verification Engineering & Technology Technology in General Computer Security Data Encryption

Introduction to Vulnerability Research	p. 1
Statement of Scope	p. 2
Off-by-One Errors	p. 3
Programming Language Use Errors	p. 5
Integer Overflows	p. 5
Bugs and Vulnerabilities	p. 7
The Vaunted Buffer Overflow	p. 7
Finding Bugs and Vulnerabilities	p. 9
Source Code Review	p. 9
Black Box Testing	p. 10
Glass Box Testing	p. 10
Fuzzing-What's That?	p. 11
Introduction	p. 12
Introduction to Fuzzing	p. 12
Milestones in Fuzzing	p. 14
Fuzzing Technology	p. 16
Traffic Sniffing	p. 18
Prepared Template	p. 19
Second-Generation Fuzzing	p. 19
File Fuzzing	p. 22
Host-side Monitoring	p. 22
Vulnerability Scanners as Fuzzers	p. 22
Uses of Fuzzing	p. 23
Open Source Fuzzers	p. 24
Commercial-Grade Fuzzers	p. 24
What Comes Next	p. 25
The Software Development Life Cycle	p. 25
Building a Fuzzing Environment	p. 27
Introduction	p. 28
Knowing What to Ask	p. 28
Basic Tools and Setup	p. 34
Data Points	p. 34
Crash Dumps	p. 34
Fuzzer Output	p. 36
Debuggers	p. 37
Recon Tools	p. 40
Linux	p. 41
OSX	p. 42
Summary	p. 44
Open Source Fuzzing Tools	p. 45
Introduction	p. 46
Frameworks	p. 46
Special-Purpose Tools	p. 48
General-Purpose Tools	p. 52
Commercial Fuzzing Solutions	p. 55
Introduction	p. 56
Build Your Own Fuzzer	p. 67
Hold Your Horses	p. 68
Fuzzer Building Blocks	p. 70
One or More Valid Data Sets	p. 70
Understanding What Each Bytein the Data Set Means	p. 71
Change the Values of the Data Sets While Maintaining the Integrity ofthe Data Being Sent	p. 72
Recreate the Same Malformed DataSet Time and Time Again	p. 72
An Arsenal of Malformed Values, or the Abilityto Create a Variety of Malformed Outputs	p. 73
Maintain a Form of a State Machine	p. 74
Summarize	p. 75
Down to Business	p. 75
Simplest Fuzz Testing Find Issues	p. 88
Integration of Fuzzing in the Development Cycle	p. 91
Introduction	p. 92
Why Is Fuzzing Important to Include in a Software Development Cycle?	p. 93
Security Testing Workload	p. 93
Setting Expectations for Fuzzers in a Software Development Lifecycle	p. 101
Fuzzing as a Panacea	p. 101
Fuzzing Tools versus	p. 103
Setting the Plan for Implementing Fuzzers into a Software Development Lifecycle	p. 103
Setting Goals	p. 104
Building and Executing on the Plan	p. 111
Understanding How to Increase Effectiveness of Fuzzers, and Avoiding Any Big Gotchas	p. 115
Hidden Costs	p. 116
Finding More Vulnerabilities	p. 119
Summary	p. 126
Solutions Fast Track	p. 126
Frequently Asked Questions	p. 130
Standardization and Certification	p. 133
Fuzzing and the Corporate Environment	p. 134
Software Security Testing, the Challenges	p. 134
Testing for Security	p. 135
Fuzzing as a Viable Option	p. 137
Business Pressure	p. 138
Software Security Certification	p. 139
Meeting Standards and Compliance	p. 139
Tester Certification	p. 140
Industry Pressure	p. 140
Antivirus Product Testing and Certification	p. 140
What Is a File?	p. 143
Introduction	p. 144
Are File Fuzzers Special?	p. 145
Analyzing and Building Files	p. 149
Textual Files	p. 150
Binary Files	p. 151
Running the Test	p. 156
Monitoring the Application with the Test Cases	p. 161
Code Coverage and Fuzzing	p. 163
Introduction	p. 164
Code Coverage	p. 164
Obtaining Code Coverage	p. 167
Instrumenting the Binary	p. 167
Monitoring a Closed Source Application	p. 169
Improving Fuzzing with Code Coverage	p. 171
Manual Improvements	p. 174
Dynamically Generating Code Coverage Improvements	p. 181
Statically Generating Code Coverage	p. 185
Weaknesses of Code Coverage	p. 188
Summary	p. 190
Solutions Fast Track	p. 190
Frequently Asked Questions	p. 192
Index	p. 193
Table of Contents provided by Ingram. All Rights Reserved.

Open Source Fuzzing Tools

At a Glance

Paperback

Shipping

How to return your order

Defective items

You Can Find This Book In

More in Technology in General

Thing Explainer

Complicated Stuff in Simple Words

Power and Progress

Our Thousand-Year Struggle Over Technology and Prosperity | Winners of the 2024 Nobel Prize for Economics

If Anyone Builds It, Everyone Dies

The Case Against Superintelligent AI

Microsoft Planner For Dummies

Good to Great

Why Some Companies Make the Leap... And Others Don't

Kay's Incredible Inventions

A fascinating and fantastically funny guide to inventions that changed the world (and some that definitely didn't)

Advanced Analytics for Industry 4.0

Technology Industries

AI and Data Science in Medical Research

New Developments and Advances

Materials, Circuits and Devices

Volume 2: Volume 2

Foundations of High Performance Computing

A Comprehensive Guide to Systems, Concepts, and Programming

Computational Mineral Physics

A Practical Guide for Earth Scientists

Unknown Enemy

The Hidden Nazi Force That Built the Third Reich

Requirements Practice in Conceptual Design

A Practical Guide, Second Edition

Microalgal Biofuels

Biotechnology and Biorefineries

Foundations of Digital Twins

Proceedings of the 9th International Conference on Recent Advances in Material Chemistry

Springer Proceedings in Materials

The Design of Everyday Things

Revised and Expanded Edition

Indistractable

How to Control Your Attention and Choose Your Life

The Coming Wave

AI, Power and the 21st Century's Greatest Dilemma

Hydrogels in Orthopedic Tissue Engineering

Advances in Bone and Cartilage Regeneration

Nanofluid Applications in Thermal Engineering

Advanced Numerical Investigations

Collaborative Learning for 6G Mobile Wireless Networks

Nanocomposites for Membranes and Environmental Remediation Applications

Woodhead Publishing Series in Composites Science and Engineering

Exactly

How Precision Engineers Created the Modern World

This product is categorised by