Fuzzing: Brute Force Vulnerability Discovery
<P style="MARGIN: 0px">FUZZING</P>
<P style="MARGIN: 0px">Master One of Today’s Most Powerful Techniques for Revealing Security Flaws!</P>
<P style="MARGIN: 0px">Fuzzing has evolved into one of today’s most effective approaches to test software security. To “fuzz,” you attach a program’s inputs to a source of random data, and then systematically identify the failures that arise. Hackers have relied on fuzzing for years: Now, it’s your turn. In this book, renowned fuzzing experts show you how to use fuzzing to reveal weaknesses in your software before someone else does.</P>
<P style="MARGIN: 0px"> <I>Fuzzing </I>is the first and only book to cover fuzzing from start to finish, bringing disciplined best practices to a technique that has traditionally been implemented informally. The authors begin by reviewing how fuzzing works and outlining its crucial advantages over other security testing methods. Next, they introduce state-of-the-art fuzzing techniques for finding vulnerabilities in network protocols, file formats, and web applications; demonstrate the use of automated fuzzing tools; and present several insightful case histories showing fuzzing at work. 
Coverage includes:</P>
<P style="MARGIN: 0px">• Why fuzzing simplifies test design and catches flaws other methods miss</P>
<P style="MARGIN: 0px">• The fuzzing process: from identifying inputs to assessing “exploitability”</P>
<P style="MARGIN: 0px">• Understanding the requirements for effective fuzzing</P>
<P style="MARGIN: 0px">• Comparing mutation-based and generation-based fuzzers</P>
<P style="MARGIN: 0px">• Using and automating environment variable and argument fuzzing</P>
<P style="MARGIN: 0px">• Mastering in-memory fuzzing techniques</P>
<P style="MARGIN: 0px">• Constructing custom fuzzing frameworks and tools</P>
<P style="MARGIN: 0px">• Implementing intelligent fault detection</P>
<P style="MARGIN: 0px">Attackers are already using fuzzing. You should, too. Whether you’re a developer, security engineer, tester, or QA specialist, this book teaches you how to build secure software.</P>
<P style="MARGIN: 0px">Foreword</P>
<P style="MARGIN: 0px">Preface</P>
<P style="MARGIN: 0px">Acknowledgments</P>
<P style="MARGIN: 0px">About the Author</P>
<P style="MARGIN: 0px"> <B>PART I BACKGROUND</B> </P>
<P style="MARGIN: 0px">Chapter 1 Vulnerability Discovery Methodologies</P>
<P style="MARGIN: 0px">Chapter 2 What Is Fuzzing?
</P>
<P style="MARGIN: 0px">Chapter 3 Fuzzing Methods and Fuzzer Types</P>
<P style="MARGIN: 0px">Chapter 4 Data Representation and Analysis</P>
<P style="MARGIN: 0px">Chapter 5 Requirements for Effective Fuzzing</P>
<P style="MARGIN: 0px"> <B>PART II TARGETS AND AUTOMATION</B> </P>
<P style="MARGIN: 0px">Chapter 6 Automation and Data Generation</P>
<P style="MARGIN: 0px">Chapter 7 Environment Variable and Argument Fuzzing</P>
<P style="MARGIN: 0px">Chapter 8 Environment Variable and Argument Fuzzing: Automation</P>
<P style="MARGIN: 0px">Chapter 9 Web Application and Server Fuzzing</P>
<P style="MARGIN: 0px">Chapter 10 Web Application and Server Fuzzing: Automation</P>
<P style="MARGIN: 0px">Chapter 11 File Format Fuzzing</P>
<P style="MARGIN: 0px">Chapter 12 File Format Fuzzing: Automation on UNIX</P>
<P style="MARGIN: 0px">Chapter 13 File Format Fuzzing: Automation on Windows</P>
<P style="MARGIN: 0px">Chapter 14 Network Protocol Fuzzing</P>
<P style="MARGIN: 0px">Chapter 15 Network Protocol Fuzzing: Automation on UNIX</P>
<P style="MARGIN: 0px">Chapter 16 Network Protocol Fuzzing: Automation on Windows</P>
<P style="MARGIN: 0px">Chapter 17 Web Browser Fuzzing</P>
<P style="MARGIN: 0px">Chapter 18 Web Browser Fuzzing: Automation</P>
<P style="MARGIN: 0px">Chapter 19 In-Memory Fuzzing</P>
<P style="MARGIN: 0px">Chapter 20 In-Memory Fuzzing: Automation</P>
<P style="MARGIN: 0px"> <B>PART III ADVANCED FUZZING TECHNOLOGIES</B> </P>
<P style="MARGIN: 0px">Chapter 21 Fuzzing Frameworks</P>
<P style="MARGIN: 0px">Chapter 22 Automated Protocol Dissection</P>
<P style="MARGIN: 0px">Chapter 23 Fuzzer Tracking</P>
<P style="MARGIN: 0px">Chapter 24 Intelligent Fault Detection</P>
<P style="MARGIN: 0px"> <B>PART IV LOOKING FORWARD</B> </P>
<P style="MARGIN: 0px">Chapter 25 Lessons Learned</P>
<P style="MARGIN: 0px">Chapter 26 Looking Forward</P>
<P style="MARGIN: 0px">Index</P>