| Document Type
|
:
|
BL
|
| Record Number
|
:
|
854246
|
| Title & Author
|
:
|
Fuzzing for software security testing and quality assurance /\ Ari Takanen, Jared DeMott, Charlie Miller, Atte Kettunen.
|
| Edition Statement
|
:
|
Second edition.
|
| Publication Statement
|
:
|
Boston, MA :: Artech House,, [2018]
|
|
|
:
|
, ©2018
|
| Series Statement
|
:
|
Artech House information security and privacy series
|
| Page. NO
|
:
|
1 online resource :: illustrations
|
| ISBN
|
:
|
1630815195
|
|
|
:
|
: 9781630815196
|
|
|
:
|
1608078507
|
|
|
:
|
9781608078509
|
| Bibliographies/Indexes
|
:
|
Includes bibliographical references and index.
|
| Contents
|
:
|
Intro; Fuzzing for Software Security Testing and Quality Assurance, Second Edition; Foreword from the First Edition; Foreword to the Second Edition; Preface from the First Edition; Preface to the Second Edition; Chapter 1 Introduction; 1.1 Software Security; 1.1.1 Security Incident; 1.1.2 Disclosure Processes; 1.1.3 Attack Surfaces and Attack Vectors; 1.1.4 Reasons Behind Security Mistakes; 1.1.5 Proactive Security; 1.1.6 Security Requirements; 1.2 Software Quality; 1.2.1 Cost-Benefit of Quality; 1.2.2 Target of Test; 1.2.3 Testing Purposes and Test Verdicts; 1.2.4 Structural Testing
|
|
|
:
|
1.2.5 Functional Testing1.2.6 Code Auditing; 1.3 Introduction to Fuzzing; 1.3.1 Brief History of Fuzzing; 1.3.2 Fuzzing Overview; 1.3.3 Vulnerabilities Found with Fuzzing; 1.3.4 Fuzzer Types; 1.3.5 Logical Structure of a Fuzzer; 1.3.6 Fuzzing Process; 1.3.7 Fuzzing Frameworks and Test Suites; 1.3.8 Fuzzing and the Enterprise; 1.4 Book Goals and Layout; Chapter 2 Software Vulnerability Analysis; 2.1 Purpose of Vulnerability Analysis; 2.1.1 Security and Vulnerability Scanners; 2.2 People Conducting Vulnerability Analysis; 2.2.1 Hackers; 2.2.2 Vulnerability Analysts or Security Researchers
|
|
|
:
|
2.2.3 Penetration Testers2.2.4 Software Security Testers; 2.2.5 IT Security Engineers; 2.3 Target Software; 2.4 Basic Bug Categories; 2.4.1 Memory Corruption Errors; 2.4.2 Web Applications; 2.4.3 Brute Force Login; 2.4.4 Race Condition; 2.4.5 Denial of Service; 2.4.6 Session Hijacking; 2.4.7 Man in the Middle; 2.4.8 Cryptographic Attacks; 2.5 Bug Hunting Techniques; 2.5.1 Reverse Engineering; 2.5.2 Source Code Auditing; 2.6 Fuzzing; 2.6.1 Basic Terms; 2.6.2 Hostile Data; 2.6.3 Number of Tests; 2.7 Defenses; 2.7.1 Why Fuzzing Works; 2.7.2 Defensive Coding; 2.7.3 Input Verification
|
|
|
:
|
2.7.4 Hardware Overflow Protection2.7.5 Software Overflow Protection; 2.8 Summary; Chapter 3 Quality Assurance and Testing; 3.1 Quality Assurance and Security; 3.1.1 Security in Software Development; 3.1.2 Security Defects; 3.2 Measuring Quality; 3.2.1 Quality Is About Validation of Features; 3.2.2 Quality Is About Finding Defects; 3.2.3 Quality Is a Feedback Loop to Development; 3.2.4 Quality Brings Visibility to the Development Process; 3.2.5 End Users' Perspective; 3.3 Testing for Quality; 3.3.1 V-Model; 3.3.2 Testing on the Developer's Desktop; 3.3.3 Testing the Design
|
|
|
:
|
3.4 Main Categories of Testing3.4.1 Validation Testing Versus Defect Testing; 3.4.2 Structural Versus Functional Testing; 3.5 White-Box Testing; 3.5.1 Making the Code Readable; 3.5.2 Inspections and Reviews; 3.5.3 Code Auditing; 3.6 Black-Box Testing; 3.6.1 Software Interfaces; 3.6.2 Test Targets; 3.6.3 Fuzz Testing as a Profession; 3.7 Purposes of Black-Box Testing; 3.7.1 Conformance Testing; 3.7.2 Functional Security Testing; 3.7.3 Functional Safety Testing; 3.7.4 Interoperability Testing; 3.7.5 Performance Testing; 3.7.6 Robustness Testing; 3.8 Testing Metrics; 3.8.1 Specification Coverage
|
| Abstract
|
:
|
This newly revised and expanded second edition of the popular Artech House title, Fuzzing for Software Security Testing and Quality Assurance, provides practical and professional guidance on how and why to integrate fuzzing into the software development lifecycle. This edition introduces fuzzing as a process, goes through commercial tools, and explains what the customer requirements are for fuzzing. The advancement of evolutionary fuzzing tools, including American Fuzzy Lop (AFL) and the emerging full fuzz test automation systems are explored in this edition. Traditional software programmers and testers will learn how to make fuzzing a standard practice that integrates seamlessly with all development activities. It surveys all popular commercial fuzzing tools and explains how to select the right one for software development projects.nnThis book is a powerful new tool to build secure, high-quality software taking a weapon from the malicious hacker's arsenal. This practical resource helps engineers find and patch flaws in software before harmful viruses, worms, and Trojans can use these vulnerabilities to rampage systems. The book shows how to make fuzzing a standard practice that integrates seamlessly with all development activities.
|
| Subject
|
:
|
Computer networks-- Security measures.
|
| Subject
|
:
|
Computer security.
|
| Subject
|
:
|
Computer software-- Development.
|
| Subject
|
:
|
Computer networks-- Security measures.
|
| Subject
|
:
|
Computer security.
|
| Subject
|
:
|
Computer software-- Development.
|
| Subject
|
:
|
COMPUTERS-- Security-- General.
|
| Dewey Classification
|
:
|
005.8
|
| LC Classification
|
:
|
QA76.9.A25F89 2018eb
|
| Added Entry
|
:
|
DeMott, Jared
|
|
|
:
|
Kettunen, Atte
|
|
|
:
|
Miller, Charles,1951-
|
|
|
:
|
Takanen, Ari
|