Open Source Fuzzing Tools
By- Noam Rathaus, Co-founder and CTO, Beyond Security, Israel, Microsoft Events Insider
- Gadi Evron, Former Internet Security Operations Manager for the Israeli government, Founder of the Israeli government's Computer Emergency Response Team
Fuzzing is often described as a black box software testing technique. It works by automatically feeding a program multiple input iterations in an attempt to trigger an internal error indicative of a bug, and potentially crash it. Such program errors and crashes are indicative of the existence of a security vulnerability, which can later be researched and fixed.Fuzz testing is now making a transition from a hacker-grown tool to a commercial-grade product. There are many different types of applications that can be fuzzed, many different ways they can be fuzzed, and a variety of different problems that can be uncovered. There are also problems that arise during fuzzing; when is enough enough? These issues and many others are fully explored.
Audience
Security professionals of all levels and IT professionals involved in the software development process.
Paperback, 210 Pages
Published: December 2007
Imprint: Syngress
ISBN: 978-1-59749-195-2
Contents
- Introduction to Software Testing
Introduction to Vulnerability Research
Fuzzing, what's that?
A Bit of History
Basic Fuzzing Techniques
Advanced Fuzzing Methodologies and Technologies
Open Source Solutions
Commercial Solutions
Build Your Own Fuzzer
Integration of Fuzzing in the Development Cycle
Testing Third-party Software
Certification and Regulation
