LinkedIn Facebook twitter home page

Advanced Search

Change Location

Artech House USA
Fuzzing for Software Security

Fuzzing for Software Security

Copyright: 2008
Pages: 230
ISBN: 9781596932159

eBook $79.00 Qty:
Learn the code cracker's malicious mindset, so you can find worn-size holes in the software you are designing, testing, and building. Fuzzing for Software Security Testing and Quality Assurance takes a weapon from the black-hat arsenal to give you a powerful new tool to build secure, high-quality software. This practical resource helps you add extra protection without adding expense or time to already tight schedules and budgets. The book shows you how to make fuzzing a standard practice that integrates seamlessly with all development activities. This comprehensive reference goes through each phase of software development and points out where testing and auditing can tighten security. It surveys all popular commercial fuzzing tools and explains how to select the right one for a software development project. The book also identifies those cases where commercial tools fall short and when there is a need for building your own fuzzing tools.
IntroductionSoftware Security. Software Quality. Fuzzing. Book Goals and Layout. Software Vulnerability AnalysisPurpose of Vulnerability Analysis. People Conducting Vulnerability Analysis. Target Software. Basic Bug Categories. Bug Hunting Techniques. Fuzzing. Defenses. Quality Assurance and TestingQuality Assurance and Security. Measuring Quality, Testing for Quality. Main Categories of Testing. White-Box Testing. Black-Box Testing. Purpose of Black-Box Testing. Testing Metrics. Black-Box Testing Techniques for Security. Summary. Fuzzing MetricsThreat Analysis and Risk-Based Testing. Transition to Proactive Security. Defect Metrics and Security. Test Automation for Security. Summary. Building and Classifying FuzzersFuzzing Methods. Detailed View of Fuzzer Types. Fuzzer Classification via Interface. Summary. Target MonitoringWhat Can Go Wrong and What Does It Look Like. Methods of Monitoring. Advanced Methods. Monitoring Overview. A Test Program. Case Study: PCRE. Summary. Advanced FuzzingAutomatic Protocol Discovery. Using Code Coverage Information. Symbolic Execution. Evolutionary Fuzzing. Summary. Fuzzer ComparisonFuzzing Lifecycle. Evaluating Fuzzers. Introducing the Fuzzers. The Targets. The Bugs. Results. A Closer Look at the Results. General Conclusions. Summary. Fuzzing Case StudiesEnterprise Fuzzing. Carrier and Service Provider Fuzzing. Application Developer Fuzzing. Network Equipment Manufacturer Fuzzing. Industrial Automation Fuzzing. Blackbox Fuzzing for Security Researchers. Summary.
  • Jared D. Demott Jared D. DeMott is a software vulnerability researcher, speaker, teacher, and author. He is a leading expert on fuzzing and fuzzing tools . He earned an M.S. in computer science from Johns Hopkins University and is a Ph.D. candidate at Michigan State University.
  • Charles Miller Charlie Miller is principal analyst at Independent Security Evaluators. Previously, he spent five years at the National Security Agency. He is probably best known as the first to publicly create a remote exploit against the iPhone. Dr. Miller is also a frequent speaker at major computer security conferences. He earned his Ph.D. from the University of Notre Dame.
  • Ari Takanen Ari Takanen is the chief technical officer at Codenomicon, a software fuzzing tool company. A noted speaker and author on software testing and security, he is a graduate of Finland's University of Oulo, where he did research with the university's Secure Programming Group.
Newsletter Signup


© 2018 Artech House