عنوان

Fuzzing for software security testing and quality assurance /

شابک

1630815195

شابک

9781630815196

شابک اشتباه

1608078507

شابک اشتباه

9781608078509

عنوان اصلي

Fuzzing for software security testing and quality assurance /

نام عام مواد

[Book]

نام نخستين پديدآور

Ari Takanen, Jared DeMott, Charlie Miller, Atte Kettunen.

وضعيت ويراست

Second edition.

محل نشرو پخش و غیره

Boston, MA :

نام ناشر، پخش کننده و غيره

Artech House,

تاریخ نشرو بخش و غیره

[2018]

تاریخ نشرو بخش و غیره

©2018

نام خاص و کميت اثر

1 online resource :

ساير جزييات

illustrations

عنوان فروست

Artech House information security and privacy series

متن يادداشت

Includes bibliographical references and index.

متن يادداشت

Intro; Fuzzing for Software Security Testing and Quality Assurance, Second Edition; Foreword from the First Edition; Foreword to the Second Edition; Preface from the First Edition; Preface to the Second Edition; Chapter 1 Introduction; 1.1 Software Security; 1.1.1 Security Incident; 1.1.2 Disclosure Processes; 1.1.3 Attack Surfaces and Attack Vectors; 1.1.4 Reasons Behind Security Mistakes; 1.1.5 Proactive Security; 1.1.6 Security Requirements; 1.2 Software Quality; 1.2.1 Cost-Benefit of Quality; 1.2.2 Target of Test; 1.2.3 Testing Purposes and Test Verdicts; 1.2.4 Structural Testing

متن يادداشت

1.2.5 Functional Testing1.2.6 Code Auditing; 1.3 Introduction to Fuzzing; 1.3.1 Brief History of Fuzzing; 1.3.2 Fuzzing Overview; 1.3.3 Vulnerabilities Found with Fuzzing; 1.3.4 Fuzzer Types; 1.3.5 Logical Structure of a Fuzzer; 1.3.6 Fuzzing Process; 1.3.7 Fuzzing Frameworks and Test Suites; 1.3.8 Fuzzing and the Enterprise; 1.4 Book Goals and Layout; Chapter 2 Software Vulnerability Analysis; 2.1 Purpose of Vulnerability Analysis; 2.1.1 Security and Vulnerability Scanners; 2.2 People Conducting Vulnerability Analysis; 2.2.1 Hackers; 2.2.2 Vulnerability Analysts or Security Researchers

متن يادداشت

2.2.3 Penetration Testers2.2.4 Software Security Testers; 2.2.5 IT Security Engineers; 2.3 Target Software; 2.4 Basic Bug Categories; 2.4.1 Memory Corruption Errors; 2.4.2 Web Applications; 2.4.3 Brute Force Login; 2.4.4 Race Condition; 2.4.5 Denial of Service; 2.4.6 Session Hijacking; 2.4.7 Man in the Middle; 2.4.8 Cryptographic Attacks; 2.5 Bug Hunting Techniques; 2.5.1 Reverse Engineering; 2.5.2 Source Code Auditing; 2.6 Fuzzing; 2.6.1 Basic Terms; 2.6.2 Hostile Data; 2.6.3 Number of Tests; 2.7 Defenses; 2.7.1 Why Fuzzing Works; 2.7.2 Defensive Coding; 2.7.3 Input Verification

متن يادداشت

2.7.4 Hardware Overflow Protection2.7.5 Software Overflow Protection; 2.8 Summary; Chapter 3 Quality Assurance and Testing; 3.1 Quality Assurance and Security; 3.1.1 Security in Software Development; 3.1.2 Security Defects; 3.2 Measuring Quality; 3.2.1 Quality Is About Validation of Features; 3.2.2 Quality Is About Finding Defects; 3.2.3 Quality Is a Feedback Loop to Development; 3.2.4 Quality Brings Visibility to the Development Process; 3.2.5 End Users' Perspective; 3.3 Testing for Quality; 3.3.1 V-Model; 3.3.2 Testing on the Developer's Desktop; 3.3.3 Testing the Design

متن يادداشت

3.4 Main Categories of Testing3.4.1 Validation Testing Versus Defect Testing; 3.4.2 Structural Versus Functional Testing; 3.5 White-Box Testing; 3.5.1 Making the Code Readable; 3.5.2 Inspections and Reviews; 3.5.3 Code Auditing; 3.6 Black-Box Testing; 3.6.1 Software Interfaces; 3.6.2 Test Targets; 3.6.3 Fuzz Testing as a Profession; 3.7 Purposes of Black-Box Testing; 3.7.1 Conformance Testing; 3.7.2 Functional Security Testing; 3.7.3 Functional Safety Testing; 3.7.4 Interoperability Testing; 3.7.5 Performance Testing; 3.7.6 Robustness Testing; 3.8 Testing Metrics; 3.8.1 Specification Coverage

بدون عنوان

0

بدون عنوان

8

بدون عنوان

8

بدون عنوان

8

بدون عنوان

8

متن يادداشت

This newly revised and expanded second edition of the popular Artech House title, Fuzzing for Software Security Testing and Quality Assurance, provides practical and professional guidance on how and why to integrate fuzzing into the software development lifecycle. This edition introduces fuzzing as a process, goes through commercial tools, and explains what the customer requirements are for fuzzing. The advancement of evolutionary fuzzing tools, including American Fuzzy Lop (AFL) and the emerging full fuzz test automation systems are explored in this edition. Traditional software programmers and testers will learn how to make fuzzing a standard practice that integrates seamlessly with all development activities. It surveys all popular commercial fuzzing tools and explains how to select the right one for software development projects.nnThis book is a powerful new tool to build secure, high-quality software taking a weapon from the malicious hacker's arsenal. This practical resource helps engineers find and patch flaws in software before harmful viruses, worms, and Trojans can use these vulnerabilities to rampage systems. The book shows how to make fuzzing a standard practice that integrates seamlessly with all development activities.

عنوان

Fuzzing for software security testing and quality assurance.

شماره استاندارد بين المللي کتاب و موسيقي

1608078507

موضوع مستند نشده

Computer networks-- Security measures.

موضوع مستند نشده

Computer security.

موضوع مستند نشده

Computer software-- Development.

موضوع مستند نشده

Computer networks-- Security measures.

موضوع مستند نشده

Computer security.

موضوع مستند نشده

Computer software-- Development.

موضوع مستند نشده

COMPUTERS-- Security-- General.

موضوع مستند نشده

COM-- 053000

شماره

ويراست

شماره رده

نشانه اثر

مستند نام اشخاص تاييد نشده

DeMott, Jared

مستند نام اشخاص تاييد نشده

Kettunen, Atte

مستند نام اشخاص تاييد نشده

Miller, Charles,1951-

مستند نام اشخاص تاييد نشده

Takanen, Ari

تاريخ عمليات

20200823045610.0

قواعد فهرست نويسي ( بخش توصيفي )

pn

نام الکترونيکي

نوع ماده

[Book]

تكميل شده

Y