Open Source Fuzzing Tools

By

  • Noam Rathaus, Co-founder and CTO, Beyond Security, Israel, Microsoft Events Insider
  • Gadi Evron, Former Internet Security Operations Manager for the Israeli government, Founder of the Israeli government's Computer Emergency Response Team

Fuzzing is often described as a “black box” software testing technique. It works by automatically feeding a program multiple input iterations in an attempt to trigger an internal error indicative of a bug, and potentially crash it. Such program errors and crashes are indicative of the existence of a security vulnerability, which can later be researched and fixed.Fuzz testing is now making a transition from a hacker-grown tool to a commercial-grade product. There are many different types of applications that can be fuzzed, many different ways they can be fuzzed, and a variety of different problems that can be uncovered. There are also problems that arise during fuzzing; when is enough enough? These issues and many others are fully explored.
View full description

Audience

Security professionals of all levels and IT professionals involved in the software development process.

 

Book information

  • Published: December 2007
  • Imprint: SYNGRESS
  • ISBN: 978-1-59749-195-2


Table of Contents

Introduction to Software Testing
Introduction to Vulnerability Research
Fuzzing, what's that?
A Bit of History
Basic Fuzzing Techniques
Advanced Fuzzing Methodologies and Technologies
Open Source Solutions
Commercial Solutions
Build Your Own Fuzzer
Integration of Fuzzing in the Development Cycle
Testing Third-party Software
Certification and Regulation