Join Books.org — it's free
Home > Books > Open Source Fuzzing Tools

Open Source Fuzzing Tools by Noam Rathaus — book cover
Quality Control & Testing - Programming, Computer Security, General Software Engineering

Open Source Fuzzing Tools

by Noam Rathaus, Gadi Evron
Available on Bookshop Write a review

Books.org participates in affiliate programs including Bookshop.org and the Amazon Services LLC Associates Program. We may earn a commission from qualifying purchases made through links on this page, at no additional cost to you.

Log in to track your reading progress.

Overview

Fuzzing is often described as a “black box” software testing technique. It works by automatically feeding a program multiple input iterations in an attempt to trigger an internal error indicative of a bug, and potentially crash it. Such program errors and crashes are indicative of the existence of a security vulnerability, which can later be researched and fixed.

Fuzz testing is now making a transition from a hacker-grown tool to a commercial-grade product. There are many different types of applications that can be fuzzed, many different ways they can be fuzzed, and a variety of different problems that can be uncovered. There are also problems that arise during fuzzing; when is enough enough? These issues and many others are fully explored.

• Learn How Fuzzing Finds Vulnerabilities Eliminate buffer overflows, format strings and other potential flaws
• Find Coverage of Available Fuzzing Tools Complete coverage of open source and commercial tools and their uses
• Build Your Own Fuzzer Automate the process of vulnerability research by building your own tools
• Understand How Fuzzing Works within the Development Process Learn how fuzzing serves as a quality assurance tool for your own and third-party software

Synopsis

Fuzzing is often described as a "black box" software testing technique. It works by automatically feeding a program multiple input iterations in an attempt to trigger an internal error indicative of a bug, and potentially crash it. Such program errors and crashes are indicative of the existence of a security vulnerability, which can later be researched and fixed.Fuzz testing is now making a transition from a hacker-grown tool to a commercial-grade product. There are many different types of applications that can be fuzzed, many different ways they can be fuzzed, and a variety of different problems that can be uncovered. There are also problems that arise during fuzzing; when is enough enough? These issues and many others are fully explored.

About the Author, Noam Rathaus

Noam Rathaus is the co-founder and CTO of Beyond Security, a company specializing in the development of enterprise-wide security assessment technologies, vulnerability assessment-based SOCs (security operation centers) and related products. He holds an electrical engineering degree from Ben Gurion University, and has been checking the security of computer systems from the age of 13. Noam is also the editor-in-chief of SecuriTeam.com, one of the largest vulnerability databases and security portals on the Internet. He has contributed to several security-related open-source projects including an active role in the Nessus security scanner project. He has written over 150 security tests to the open source tool's vulnerability database, and also developed the first Nessus client for the Windows operating system. Noam is apparently on the hit list of several software giants after being responsible for uncovering security holes in products by vendors such as Microsoft, Macromedia, Trend Micro, and Palm. This keeps him on the run using his Nacra Catamaran, capable of speeds exceeding 14 knots for a quick getaway.

Gadi Evron works for the McLean, VA-based vulnerability assessment solution vendor Beyond Security as Security Evangelist and is the chief editor of the security portal SecuriTeam. He is a known leader in the world of Internet security operations, especially regarding botnets and phishing. He is also the operations manager for the Zeroday Emergency Response Team (ZERT) and a renowned expert on corporate security and espionage threats. Previously, Gadi was Internet Security Operations Manager for the Israeli government and the manager and founder of the Israeli government’s Computer Emergency Response Team (CERT).

Reviews

There are no reviews yet. Log in to write one.

Book Details

Published
December 1, 2007
Publisher
Syngress Publishing
Pages
210
Format
Paperback
ISBN
9781597491952

Similar books

Norton All-in-One Desk Reference for Dummies
Norton All-in-One Desk Reference for Dummies
How to Break Web Software: Functional and Security Testing of Web Applications and Web Services
How to Break Web Software: Functional and Security Testing of Web Applications and Web Services
Exploiting Software: How to Break Code
Exploiting Software: How to Break Code
Curing the Patch Management Headache
Curing the Patch Management Headache
Testing Code Security
Testing Code Security
How to Break Software Security: Effective Techniques for Security Testing
How to Break Software Security: Effective Techniques for Security Testing
Software Deployment, Updating, and Patching
Software Deployment, Updating, and Patching
The Security Development Lifecycle: SDL - A Process for Developing Demonstrably More Secure Software
The Security Development Lifecycle: SDL - A Process for Developing Demonstrably More Secure Software
Geekonomics: The Real Cost of Insecure Software
Geekonomics: The Real Cost of Insecure Software
Computer Safety, Reliability, and Security
Computer Safety, Reliability, and Security