Fuzzing for Software Security

Item no.: 9781596932142
Published: 2008
Publication date: 31.07.2008
Pages: 312
Author: Ari Takanen
Weight: 703 g
Dimensions: 262x182x22 mm
Language: English
Description:

Ari Takanen is the chief technical officer at Codenomicon, a software fuzzing tool company. A noted speaker and author on software testing and security, he is a graduate of Finland's University of Oulu, where he did research with the university's Secure Programming Group.

Jared D. DeMott is a software vulnerability researcher, speaker, teacher, and author. He is a leading expert on fuzzing and fuzzing tools. He earned an M.S. in computer science from Johns Hopkins University and is a Ph.D. candidate at Michigan State University.

Charlie Miller is principal analyst at Independent Security Evaluators. Previously, he spent five years at the National Security Agency. He is probably best known as the first to publicly create a remote exploit against the iPhone. Dr. Miller is also a frequent speaker at major computer security conferences. He earned his Ph.D. from the University of Notre Dame.

Offering a powerful new tool to build secure, high-quality software, this resource helps developers think like a software cracker so they can find and patch flaws before harmful viruses, worms, and Trojans can rampage through systems. Traditional software programmers and testers learn how to make fuzzing a standard practice.

Introduction: Software Security; Software Quality; Fuzzing; Book Goals and Layout.
Software Vulnerability Analysis: Purpose of Vulnerability Analysis; People Conducting Vulnerability Analysis; Target Software; Basic Bug Categories; Bug Hunting Techniques; Fuzzing; Defenses.
Quality Assurance and Testing: Quality Assurance and Security; Measuring Quality, Testing for Quality; Main Categories of Testing; White-Box Testing; Black-Box Testing; Purpose of Black-Box Testing; Testing Metrics; Black-Box Testing Techniques for Security; Summary.
Fuzzing Metrics: Threat Analysis and Risk-Based Testing; Transition to Proactive Security; Defect Metrics and Security; Test Automation for Security; Summary.
Building and Classifying Fuzzers: Fuzzing Methods; Detailed View of Fuzzer Types; Fuzzer Classification via Interface; Summary.
Target Monitoring: What Can Go Wrong and What Does It Look Like; Methods of Monitoring; Advanced Methods; Monitoring Overview; A Test Program; Case Study: PCRE; Summary.
Advanced Fuzzing: Automatic Protocol Discovery; Using Code Coverage Information; Symbolic Execution; Evolutionary Fuzzing; Summary.
Fuzzer Comparison: Fuzzing Lifecycle; Evaluating Fuzzers; Introducing the Fuzzers; The Targets; The Bugs; Results; A Closer Look at the Results; General Conclusions; Summary.
