عنوان

Fuzzing for software security testing and quality assurance /

(Number (ISBN

1630815195

(Number (ISBN

9781630815196

Erroneous ISBN

1608078507

Erroneous ISBN

9781608078509

Title Proper

Fuzzing for software security testing and quality assurance /

General Material Designation

[Book]

First Statement of Responsibility

Ari Takanen, Jared DeMott, Charlie Miller, Atte Kettunen.

Edition Statement

Second edition.

Place of Publication, Distribution, etc.

Boston, MA :

Name of Publisher, Distributor, etc.

Artech House,

Date of Publication, Distribution, etc.

[2018]

Date of Publication, Distribution, etc.

©2018

Specific Material Designation and Extent of Item

1 online resource :

Other Physical Details

illustrations

Series Title

Artech House information security and privacy series

Text of Note

Includes bibliographical references and index.

Text of Note

Intro; Fuzzing for Software Security Testing and Quality Assurance, Second Edition; Foreword from the First Edition; Foreword to the Second Edition; Preface from the First Edition; Preface to the Second Edition; Chapter 1 Introduction; 1.1 Software Security; 1.1.1 Security Incident; 1.1.2 Disclosure Processes; 1.1.3 Attack Surfaces and Attack Vectors; 1.1.4 Reasons Behind Security Mistakes; 1.1.5 Proactive Security; 1.1.6 Security Requirements; 1.2 Software Quality; 1.2.1 Cost-Benefit of Quality; 1.2.2 Target of Test; 1.2.3 Testing Purposes and Test Verdicts; 1.2.4 Structural Testing

Text of Note

1.2.5 Functional Testing1.2.6 Code Auditing; 1.3 Introduction to Fuzzing; 1.3.1 Brief History of Fuzzing; 1.3.2 Fuzzing Overview; 1.3.3 Vulnerabilities Found with Fuzzing; 1.3.4 Fuzzer Types; 1.3.5 Logical Structure of a Fuzzer; 1.3.6 Fuzzing Process; 1.3.7 Fuzzing Frameworks and Test Suites; 1.3.8 Fuzzing and the Enterprise; 1.4 Book Goals and Layout; Chapter 2 Software Vulnerability Analysis; 2.1 Purpose of Vulnerability Analysis; 2.1.1 Security and Vulnerability Scanners; 2.2 People Conducting Vulnerability Analysis; 2.2.1 Hackers; 2.2.2 Vulnerability Analysts or Security Researchers

Text of Note

2.2.3 Penetration Testers2.2.4 Software Security Testers; 2.2.5 IT Security Engineers; 2.3 Target Software; 2.4 Basic Bug Categories; 2.4.1 Memory Corruption Errors; 2.4.2 Web Applications; 2.4.3 Brute Force Login; 2.4.4 Race Condition; 2.4.5 Denial of Service; 2.4.6 Session Hijacking; 2.4.7 Man in the Middle; 2.4.8 Cryptographic Attacks; 2.5 Bug Hunting Techniques; 2.5.1 Reverse Engineering; 2.5.2 Source Code Auditing; 2.6 Fuzzing; 2.6.1 Basic Terms; 2.6.2 Hostile Data; 2.6.3 Number of Tests; 2.7 Defenses; 2.7.1 Why Fuzzing Works; 2.7.2 Defensive Coding; 2.7.3 Input Verification

Text of Note

2.7.4 Hardware Overflow Protection2.7.5 Software Overflow Protection; 2.8 Summary; Chapter 3 Quality Assurance and Testing; 3.1 Quality Assurance and Security; 3.1.1 Security in Software Development; 3.1.2 Security Defects; 3.2 Measuring Quality; 3.2.1 Quality Is About Validation of Features; 3.2.2 Quality Is About Finding Defects; 3.2.3 Quality Is a Feedback Loop to Development; 3.2.4 Quality Brings Visibility to the Development Process; 3.2.5 End Users' Perspective; 3.3 Testing for Quality; 3.3.1 V-Model; 3.3.2 Testing on the Developer's Desktop; 3.3.3 Testing the Design

Text of Note

3.4 Main Categories of Testing3.4.1 Validation Testing Versus Defect Testing; 3.4.2 Structural Versus Functional Testing; 3.5 White-Box Testing; 3.5.1 Making the Code Readable; 3.5.2 Inspections and Reviews; 3.5.3 Code Auditing; 3.6 Black-Box Testing; 3.6.1 Software Interfaces; 3.6.2 Test Targets; 3.6.3 Fuzz Testing as a Profession; 3.7 Purposes of Black-Box Testing; 3.7.1 Conformance Testing; 3.7.2 Functional Security Testing; 3.7.3 Functional Safety Testing; 3.7.4 Interoperability Testing; 3.7.5 Performance Testing; 3.7.6 Robustness Testing; 3.8 Testing Metrics; 3.8.1 Specification Coverage

0

8

8

8

8

Text of Note

This newly revised and expanded second edition of the popular Artech House title, Fuzzing for Software Security Testing and Quality Assurance, provides practical and professional guidance on how and why to integrate fuzzing into the software development lifecycle. This edition introduces fuzzing as a process, goes through commercial tools, and explains what the customer requirements are for fuzzing. The advancement of evolutionary fuzzing tools, including American Fuzzy Lop (AFL) and the emerging full fuzz test automation systems are explored in this edition. Traditional software programmers and testers will learn how to make fuzzing a standard practice that integrates seamlessly with all development activities. It surveys all popular commercial fuzzing tools and explains how to select the right one for software development projects.nnThis book is a powerful new tool to build secure, high-quality software taking a weapon from the malicious hacker's arsenal. This practical resource helps engineers find and patch flaws in software before harmful viruses, worms, and Trojans can use these vulnerabilities to rampage systems. The book shows how to make fuzzing a standard practice that integrates seamlessly with all development activities.

Title

Fuzzing for software security testing and quality assurance.

International Standard Book Number

1608078507

Computer networks-- Security measures.

Computer security.

Computer software-- Development.

Computer networks-- Security measures.

Computer security.

Computer software-- Development.

COMPUTERS-- Security-- General.

COM-- 053000

Number

Edition

Class number

Book number

DeMott, Jared

Kettunen, Atte

Miller, Charles,1951-

Takanen, Ari

Date of Transaction

20200823045610.0

Cataloguing Rules (Descriptive Conventions))

pn

Electronic name

[Book]

Y