Fuzzing for Software Security Testing and Quality Assurance (Artech House Information Security and Privacy) [Hardcover]

Ari Takanen (Author), Jared DeMott (Author), Charlie Miller (Author)
3.0 out of 5 stars (2 customer reviews)

Formats

  • Kindle Edition: $63.20
  • Hardcover: $89.00

Book Description

ISBN-10: 1596932147 | ISBN-13: 978-1596932142 | Publication Date: June 30, 2008 | Edition: 1
"Fuzzing for Software Security Testing and Quality Assurance" gives software developers a powerful new tool to build secure, high-quality software, and takes a weapon from the malicious hackers' arsenal. This practical resource helps developers think like a software cracker, so they can find and patch flaws in software before harmful viruses, worms, and Trojans can use these vulnerabilities to rampage systems. Traditional software programmers and testers learn how to make fuzzing a standard practice that integrates seamlessly with all development activities. The book progresses through each phase of software development and points out where testing and auditing can tighten security. It surveys all popular commercial fuzzing tools and explains how to select the right one for a software development project. The book also covers those cases where commercial tools fall short and developers need to build their own custom fuzzing tools.

Editorial Reviews

About the Author

Ari Takanen is the chief technical officer at Codenomicon, a software fuzzing tool company. A noted speaker and author on software testing and security, he is a graduate of Finland's University of Oulu, where he did research with the university's Secure Programming Group.

Jared D. DeMott is a software vulnerability researcher, speaker, teacher, and author. He is a leading expert on fuzzing and fuzzing tools. He earned an M.S. in computer science from Johns Hopkins University and is a Ph.D. candidate at Michigan State University.

Charlie Miller is principal analyst at Independent Security Evaluators. Previously, he spent five years at the National Security Agency. He is probably best known as the first to publicly create a remote exploit against the iPhone. Dr. Miller is also a frequent speaker at major computer security conferences. He earned his Ph.D. from the University of Notre Dame.

Product Details

  • Hardcover: 287 pages
  • Publisher: Artech House Print on Demand; 1 edition (June 30, 2008)
  • Language: English
  • ISBN-10: 1596932147
  • ISBN-13: 978-1596932142
  • Product Dimensions: 10.2 x 7.2 x 0.8 inches
  • Shipping Weight: 1.6 pounds
  • Average Customer Review: 3.0 out of 5 stars (2 customer reviews)
  • Amazon Best Sellers Rank: #962,147 in Books

More About the Author

Ari Takanen, founder and CTO of Codenomicon, has since 1998 been focusing his work on information security issues in next-generation networks and security critical environments. His work at Codenomicon and the OUSPG (Oulu University Secure Programming Group) aims at ensuring that new technologies gain wide public acceptance, by providing means of measuring and solidifying the quality of networked software. Ari Takanen is one of the people behind the PROTOS research project, which studied information security and reliability errors in e.g. WAP, SNMP, LDAP, VoIP implementations. Ari is the author of several papers on security, and is a frequent speaker at security and testing conferences, as well as leading universities and international corporations. He is also author of two books on VoIP security and on security testing.

 

Customer Reviews

2 Reviews

  • 5 star: (1)
  • 4 star: (0)
  • 3 star: (0)
  • 2 star: (0)
  • 1 star: (1)

Most Helpful Customer Reviews

4 of 4 people found the following review helpful:
1.0 out of 5 stars Disappointing and a mess, June 16, 2009
The introduction to this book mentions its broken up history, being picked up and abandoned a couple times. It definitely shows in the writing, which is unfocused, choppy, and repetitive. Most of the first half is taken up with repetitive descriptions of the general software testing process. The second half contains a summary of one author's thesis on using evolutionary algorithms for fuzzing and the final author's use of various fuzzing tools to try to find hand-inserted vulnerabilities. While the latter half is better than the first, each topic is worthy of a single blog post. Given this book's price and the authors' reputations, I expected more.

At the same time, I read "Gray Hat Python" and it was enjoyable. Even though it had a much broader focus on other topics, it contained more hands-on info on fuzzing tools. I'm also interested in "Fuzzing: Brute Force Vulnerability Discovery", although I have not read it yet.

Don't waste your time on this book. Download the Sulley manual, read the slides from a few Blackhat talks, and you'll be at the state of the art for current fuzzing knowledge.


2 of 3 people found the following review helpful:
5.0 out of 5 stars One of the Best Resources on Fuzzing by Highly Skilled ex-NSA Employees, August 7, 2008
Amazon Verified Purchase
Fuzzing generally involves testing the parameters of an application using random or specifically formatted randomized input to evaluate whether a given application crashes and/or can be exploited. At least two of the authors have worked at the National Security Agency. Dr. Charlie Miller is well known for publishing an interesting article on the economics of the black market trading of security vulnerabilities (available at weis2007.econinfosec.org/papers/29.pdf). Dr. Miller demonstrated the utility of the procedures discussed in this book at BlackHat 2008. This book provides insight into an area of research that is not usually publicly available. The book details a number of open-source and commercially available fuzzers and their relative reliability in finding bugs. Fuzzers are one of the most reliable methods for finding vulnerabilities in closed source programs. The book is conceptually accessible to an individual with some knowledge of secure programming and vulnerabilities.

Inside This Book
Key Phrases - Statistically Improbable Phrases (SIPs):
target monitoring, security metrics, replacing fear, tiger team approach, web fuzzing, file fuzzing, fuzzing framework, input space coverage, fuzzing tools, one fuzzer, application fuzzing, different fuzzers, other fuzzers, file fuzzers, session mutation, fuzz tests, intelligent fuzzer, code auditing tools, char tempbuf, commercial fuzzers, fuzz testing, fuzzing process, test automation frameworks, source code auditing, being fuzzed
Key Phrases - Capitalized Phrases (CAPs):
Guard Malloc, Fuzzing Metrics, Evolutionary Fuzzing, Fuzzer Comparison, Advanced Fuzzing, Fuzzing Case Studies, Detailed View of Fuzzer Types, Boris Beizer, Methods of Monitoring, Basic Bug Categories, Software Quality, Software Testing Techniques, University of Oulu, International Thomson Computer Press, Service Pack, Process Explorer, The Monkey, Boris Belzer, Windows Server, Oulu University Secure Programming Group, Resolving Vulnerability Cases, Michael Sutton, Locate the User, Program Files, Fuzzing Methods