Open Source Fuzzing Tools.
Title:
Open Source Fuzzing Tools.
Author:
Rathaus, Noam.
ISBN:
9780080555614
Physical Description:
1 online resource (209 pages)
Contents:
Front Cover -- Open Source Fuzzing Tools -- Copyright Page -- Contributing Authors -- Contents -- Chapter 1: Introduction to Vulnerability Research -- Statement of Scope -- Off-by-One Errors -- Programming Language Use Errors -- Integer Overflows -- Bugs and Vulnerabilities -- The Vaunted Buffer Overflow -- Finding Bugs and Vulnerabilities -- Source Code Review -- Black Box Testing -- Glass Box Testing -- Chapter 2: Fuzzing-What's That? -- Introduction -- Introduction to Fuzzing -- Milestones in Fuzzing -- Fuzzing Technology -- Traffic Sniffing -- Prepared Template -- Second-Generation Fuzzing -- File Fuzzing -- Host-side Monitoring -- Vulnerability Scanners as Fuzzers -- Uses of Fuzzing -- Open Source Fuzzers -- Commercial-Grade Fuzzers -- What Comes Next -- The Software Development Life Cycle -- Chapter 3: Building a Fuzzing Environment -- Introduction -- Knowing What to Ask... -- Basic Tools and Setup -- Data Points -- Crash Dumps -- Fuzzer Output -- Debuggers -- Recon Tools -- Linux -- OSX -- Summary -- Chapter 4: Open Source Fuzzing Tools -- Introduction -- Frameworks -- Special-Purpose Tools -- General-Purpose Tools -- Chapter 5: Commercial Fuzzing Solutions -- Introduction -- beSTORM (by Beyond Security) -- BPS-1000 (by BreakingPoint Systems) -- Codenomicon -- Mu-4000 Security Analyzer (by Mu Security) -- Chapter 6: Build Your Own Fuzzer -- Hold Your Horses -- Fuzzer Building Blocks -- One or More Valid Data Sets -- Understanding What Each Byte in the Data Set Means -- Change the Values of the Data Sets While Maintaining the Integrity of the Data Being Sent -- Recreate the Same Malformed Data Set Time and Time Again -- An Arsenal of Malformed Values, or the Ability to Create a Variety of Malformed Outputs -- Maintain a Form of a State Machine -- Summarize -- Down to Business -- Simplest Fuzz Testing Find Issues.

Chapter 7: Integration of Fuzzing in the Development Cycle -- Introduction -- Why Is Fuzzing Important to Include in a Software Development Cycle? -- Security Testing Workload -- Setting Expectations for Fuzzers in a Software Development Lifecycle -- Fuzzing as a Panacea -- Fuzzing Tools versus ... -- Setting the Plan for Implementing Fuzzers into a Software Development Lifecycle -- Setting Goals -- Building and Executing on the Plan -- Understanding How to Increase Effectiveness of Fuzzers, and Avoiding Any Big Gotchas -- Hidden Costs -- Finding More Vulnerabilities -- Summary -- Solutions Fast Track -- Frequently Asked Questions -- Chapter 8: Standardization and Certification -- Fuzzing and the Corporate Environment -- Software Security Testing, the Challenges -- Testing for Security -- Fuzzing as a Viable Option -- Business Pressure -- Software Security Certification -- Meeting Standards and Compliance -- Tester Certification -- Industry Pressure -- Antivirus Product Testing and Certification -- Chapter 9: What Is a File? -- Introduction -- Are File Fuzzers Special? -- Analyzing and Building Files -- Textual Files -- Binary Files -- Running the Test -- Monitoring the Application with the Test Cases -- Chapter 10: Code Coverage and Fuzzing -- Introduction -- Code Coverage -- Obtaining Code Coverage -- Instrumenting the Binary -- Monitoring a Closed Source Application -- Improving Fuzzing with Code Coverage -- Manual Improvements -- Dynamically Generating Code Coverage Improvements -- Statically Generating Code Coverage -- Weaknesses of Code Coverage -- Summary -- Solutions Fast Track -- Frequently Asked Questions -- Index.
Abstract:
Fuzzing is often described as a "black box" software testing technique. It works by automatically feeding a program multiple input iterations in an attempt to trigger an internal error indicative of a bug, and potentially crash it. Such program errors and crashes are indicative of the existence of a security vulnerability, which can later be researched and fixed. Fuzz testing is now making a transition from a hacker-grown tool to a commercial-grade product. There are many different types of applications that can be fuzzed, many different ways they can be fuzzed, and a variety of different problems that can be uncovered. There are also problems that arise during fuzzing; when is enough enough? These issues and many others are fully explored.
* Fuzzing is a fast-growing field with increasing commercial interest (7 vendors unveiled fuzzing products last year).
* Vendors today are looking for solutions to the ever-increasing threat of vulnerabilities. Fuzzing looks for these vulnerabilities automatically, before they are known, and eliminates them before release.
* Software developers face an increasing demand to produce secure applications, and they are looking for any information to help them do that.
Local Note:
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2017. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.