Fuzzing for software security testing and quality assurance /
Ari Takanen, Jared DeMott, Charlie Miller.
- Norwood, MA : Artech House, c2008.
- xxii, 287 p. : ill. ; 27 cm.
- Artech House information security and privacy series.
Includes bibliographical references and index.
Introduction -- Software Vulnerability Analysis -- Quality Assurance and Testing -- Fuzzing Metrics -- Building and Classifying Fuzzers -- Target Monitoring -- Advanced Fuzzing -- Fuzzer Comparison -- Fuzzing Case Studies -- Bibliography -- Index.
Fuzzing for Software Security Testing and Quality Assurance gives software developers a powerful new tool to build secure, high-quality software, and takes a weapon from the malicious hackers' arsenal. This practical resource helps developers think like a software cracker, so they can find and patch flaws in software before harmful viruses, worms, and Trojans can use these vulnerabilities to rampage systems. Traditional software programmers and testers learn how to make fuzzing a standard practice that integrates seamlessly with all development activities. The book progresses through each phase of software development and points out where testing and auditing can tighten security. It surveys all popular commercial fuzzing tools and explains how to select the right one for a software development project. The book also covers those cases where commercial tools fall short and developers need to build their own custom fuzzing tools.