Offering a powerful new tool to build secure, high-quality software, this resource helps developers think like a software cracker so they can find and patch flaws before harmful viruses, worms, and Trojans can rampage systems. Traditional software programmers and testers learn how to make fuzzing a standard practice.
Inhaltsverzeichnis
Introduction; Software Security; Software Quality; Fuzzing; Book Goals and Layout; Software Vulnerability Analysis; Purpose of Vulnerability Analysis; People Conducting Vulnerability Analysis; Target Software; Basic Bug Categories; Bug Hunting Techniques; Fuzzing; Defenses; Quality Assurance and Testing; Quality Assurance and Security; Measuring Quality, Testing for Quality; Main Categories of Testing; White-Box Testing; Black-Box Testing; Purpose of Black-Box Testing; Testing Metrics; Black-Box Testing Techniques for Security; Summary; Fuzzing Metrics; Threat Analysis and Risk-Based Testing; Transition to Proactive Security; Defect Metrics and Security; Test Automation for Security; Summary; Building and Classifying Fuzzers; Fuzzing Methods; Detailed View of Fuzzer Types; Fuzzer Classification via Interface; Summary; Target Monitoring; What Can Go Wrong and What Does It Look Like; Methods of Monitoring; Advanced Methods; Monitoring Overview; A Test Program; Case Study: PCRE. Summary; Advanced Fuzzing; Automatic Protocol Discovery; Using Code Coverage Information; Symbolic Execution; Evolutionary Fuzzing; Summary; Fuzzer Comparison; Fuzzing Lifecycle; Evaluating Fuzzers; Introducing the Fuzzers; The Targets; The Bugs; Results; A Closer Look at the Results; General Conclusions; Summary.
