Software is infested with security flaws that can be misused by hackers. Current test automation does not cover negative or crash testing of software, and security experts are relying on penetration tests that focus on finding old known flaws rather than new. This book approaches the problem with the mindset of a hacker and explores the method they use to find flaws in software. The aim is give you a powerful new tool to fix worm-size holes in your own design, testing and building without adding expense or time to already tight software development schedules and budgets.
Fuzzing is a software testing approach where carefully designed or just randomly generated unexpected inputs are sent to software a device in order to crash it. It's the most used technique hackers use to find security bugs. The book shows how to make it a standard practice that integrates seamlessly with other development activities and goes through each phase of software development and points out where testing and auditing can tighten security. The book also identifies cases where available tools fall short and surveys other popular fuzzing tools and techniques that work better.
Ari Takanen is an investor and startup advisor at Kielo Growth business incubator company. He is also cofounder of Codenomicon, a software fuzzing tool company acquired by Synopsys. A noted speaker and author on software testing and security, he is a graduate of Finland's University of Oulo, where he did research with the university's Secure Programming Group. Jared D. DeMott is the founder of Vulnerability Discovery & Analysis (VDA) Labs. He earned an M.S. in computer science from Johns Hopkins University and is a Ph.D. candidate at Michigan State University. Charlie Miller is a principal autonomous vehicle security architect at Cruise Automation. Previously, he spent five years at the National Security Agency as a computer hacker. He earned his Ph.D. in mathematics from the U. of Notre Dame. Atte Kettunen is a software security expert at F-Secure Corporation. He received his master's degree in computer security from Oulun yliopisto.
Introduction; Software Vulnerability Analysis; Quality Assurance and Testing; Fuzzing Metrics; Building and Classifying Fuzzers; Target Monitoring; Advanced Fuzzing; Fuzzer Comparison; Fuzzing Case Studies.