Open Source Fuzzing Tools

By: Gadi Evron, Noam Rathaus

Write A Review

Paperback | 14 December 2007

At a Glance

Paperback
210 Pages

Dimensions(cm)
23.5 x 19.1 x 1.91

Paperback

RRP $85.95

$69.25

19%OFF

or 4 interest-free payments of $17.31 with

Aims to ship in 5 to 10 business days

Fuzzing is often described as a "black box? software testing technique. It works by automatically feeding a program multiple input iterations in an attempt to trigger an internal error indicative of a bug, and potentially crash it. Such program errors and crashes are indicative of the existence of a security vulnerability, which can later be researched and fixed.

Fuzz testing is now making a transition from a hacker-grown tool to a commercial-grade product. There are many different types of applications that can be fuzzed, many different ways they can be fuzzed, and a variety of different problems that can be uncovered. There are also problems that arise during fuzzing; when is enough enough? These issues and many others are fully explored.

Fuzzing is a fast-growing field with increasing commercial interest (7 vendors unveiled fuzzing products last year).
Vendors today are looking for solutions to the ever increasing threat of vulnerabilities. Fuzzing looks for these vulnerabilities automatically, before they are known, and eliminates them before release.
Software developers face an increasing demand to produce secure applications---and they are looking for any information to help them do that.

Shipping

	Standard Shipping	Express Shipping
Metro postcodes:	$9.99	$14.95
Regional postcodes:	$9.99	$14.95
Rural postcodes:	$9.99	$14.95

How to return your order

At Booktopia, we offer hassle-free returns in accordance with our returns policy. If you wish to return an item, please get in touch with Booktopia Customer Care.

Additional postage charges may be applicable.

Defective items

If there is a problem with any of the items received for your order then the Booktopia Customer Care team is ready to assist you.

For more info please visit our Help Centre.

You Can Find This Book In

Non-Fiction Computing & I.T.Computer Programming & Software Development Software Engineering Software Testing & Verification Engineering & Technology Technology in General Computer Security Data Encryption

Introduction to Vulnerability Research	p. 1
Statement of Scope	p. 2
Off-by-One Errors	p. 3
Programming Language Use Errors	p. 5
Integer Overflows	p. 5
Bugs and Vulnerabilities	p. 7
The Vaunted Buffer Overflow	p. 7
Finding Bugs and Vulnerabilities	p. 9
Source Code Review	p. 9
Black Box Testing	p. 10
Glass Box Testing	p. 10
Fuzzing-What's That?	p. 11
Introduction	p. 12
Introduction to Fuzzing	p. 12
Milestones in Fuzzing	p. 14
Fuzzing Technology	p. 16
Traffic Sniffing	p. 18
Prepared Template	p. 19
Second-Generation Fuzzing	p. 19
File Fuzzing	p. 22
Host-side Monitoring	p. 22
Vulnerability Scanners as Fuzzers	p. 22
Uses of Fuzzing	p. 23
Open Source Fuzzers	p. 24
Commercial-Grade Fuzzers	p. 24
What Comes Next	p. 25
The Software Development Life Cycle	p. 25
Building a Fuzzing Environment	p. 27
Introduction	p. 28
Knowing What to Ask	p. 28
Basic Tools and Setup	p. 34
Data Points	p. 34
Crash Dumps	p. 34
Fuzzer Output	p. 36
Debuggers	p. 37
Recon Tools	p. 40
Linux	p. 41
OSX	p. 42
Summary	p. 44
Open Source Fuzzing Tools	p. 45
Introduction	p. 46
Frameworks	p. 46
Special-Purpose Tools	p. 48
General-Purpose Tools	p. 52
Commercial Fuzzing Solutions	p. 55
Introduction	p. 56
Build Your Own Fuzzer	p. 67
Hold Your Horses	p. 68
Fuzzer Building Blocks	p. 70
One or More Valid Data Sets	p. 70
Understanding What Each Bytein the Data Set Means	p. 71
Change the Values of the Data Sets While Maintaining the Integrity ofthe Data Being Sent	p. 72
Recreate the Same Malformed DataSet Time and Time Again	p. 72
An Arsenal of Malformed Values, or the Abilityto Create a Variety of Malformed Outputs	p. 73
Maintain a Form of a State Machine	p. 74
Summarize	p. 75
Down to Business	p. 75
Simplest Fuzz Testing Find Issues	p. 88
Integration of Fuzzing in the Development Cycle	p. 91
Introduction	p. 92
Why Is Fuzzing Important to Include in a Software Development Cycle?	p. 93
Security Testing Workload	p. 93
Setting Expectations for Fuzzers in a Software Development Lifecycle	p. 101
Fuzzing as a Panacea	p. 101
Fuzzing Tools versus	p. 103
Setting the Plan for Implementing Fuzzers into a Software Development Lifecycle	p. 103
Setting Goals	p. 104
Building and Executing on the Plan	p. 111
Understanding How to Increase Effectiveness of Fuzzers, and Avoiding Any Big Gotchas	p. 115
Hidden Costs	p. 116
Finding More Vulnerabilities	p. 119
Summary	p. 126
Solutions Fast Track	p. 126
Frequently Asked Questions	p. 130
Standardization and Certification	p. 133
Fuzzing and the Corporate Environment	p. 134
Software Security Testing, the Challenges	p. 134
Testing for Security	p. 135
Fuzzing as a Viable Option	p. 137
Business Pressure	p. 138
Software Security Certification	p. 139
Meeting Standards and Compliance	p. 139
Tester Certification	p. 140
Industry Pressure	p. 140
Antivirus Product Testing and Certification	p. 140
What Is a File?	p. 143
Introduction	p. 144
Are File Fuzzers Special?	p. 145
Analyzing and Building Files	p. 149
Textual Files	p. 150
Binary Files	p. 151
Running the Test	p. 156
Monitoring the Application with the Test Cases	p. 161
Code Coverage and Fuzzing	p. 163
Introduction	p. 164
Code Coverage	p. 164
Obtaining Code Coverage	p. 167
Instrumenting the Binary	p. 167
Monitoring a Closed Source Application	p. 169
Improving Fuzzing with Code Coverage	p. 171
Manual Improvements	p. 174
Dynamically Generating Code Coverage Improvements	p. 181
Statically Generating Code Coverage	p. 185
Weaknesses of Code Coverage	p. 188
Summary	p. 190
Solutions Fast Track	p. 190
Frequently Asked Questions	p. 192
Index	p. 193
Table of Contents provided by Ingram. All Rights Reserved.

Open Source Fuzzing Tools

At a Glance

Paperback

Shipping

How to return your order

Defective items

You Can Find This Book In

More in Technology in General

Good to Great

Why Some Companies Make the Leap... And Others Don't

Wise Animals

How Technology Has Made Us What We Are

First Knowledges Innovation

Knowledge and Ingenuity

Astronomy for Curious Kids

An illustrated introduction to the solar system, our galaxy, space travel-and more!

Thing Explainer

Complicated Stuff in Simple Words

Computer Vision and Machine Intelligence for Renewable Energy Systems

Advances in Intelligent Energy Systems

Quantum Theory of Transport Properties of Single Molecules

Nomograms for Design and Operation of Cement Plants

Inverse Design Methods for the Built Environment

Manual of Environmental Management

Creative Approaches to Technology-Enhanced Learning for the Workplace and Higher Education

Proceedings of 'The Learning Ideas Conference' 2024. Volume 1

Nanomaterials and Nanotechnology

Basic, Preparation and Applications

Sustainable Energy Pathways to Net Zero

Modelling in Nanoporous Shale

Gas-water Occurrence and Transport

3D Printing for Construction in the Transformation of the Building Industry

Nanoparticles in Cancer Therapy

Innovations and Clinical Applications

Sustainable Design for the Built Environment

Sustainable Design for the Built Environment

Structural Health Monitoring Using Emerging Signal Processing Approaches with Artificial Intelligence Algorithms

Fuzzy Methods for Assessment and Decision Making

Minds Unveiled

Exploring the Effects of Generative AI on Business Behavior

The Coming Wave

The instant Sunday Times bestseller from the ultimate AI insider

Machines A Visual History

100 Machines and the Remarkable Stories Behind Each Invention

How to Raise a Healthy Gamer

End Power Struggles, Break Bad Screen Habits and Transform Your Relationship with Your Kids

This product is categorised by