Artech House -- High-Tech Books & Software for Engineers and Managers

BROWSE SUBJECTS

Antennas & Propagation
Applied Photonics
Bioengineering
Bioinformatics
Biomedical Imaging
Building Technology
Communications
- Engineering
- Law, Policy & Economics
- Management
- Satellite
- Wireless/Mobile
Computing
- Database Management
- General
- Internet
- Software Development, Quality, and Testing
Electromagnetic Analysis
Electronic Defense / Electronic Warfare
Engineering Management
GNSS Technology and Applications
Intelligence and Information Operations
Microsystems / Microengineering
Microwave & RF Engineering
Nanotechnology
Power Engineering
Project Management
Radar/Remote Sensing
Security & Privacy
Sensors
Signal Processing
Solid State Technology
Telemedicine
Transportation/ITS


	Fuzzing for Software Security Testing and Quality Assurance Ari Takanen, Jared D. DeMott, and Charles Miller ISBN 978-1-59693-214-2 Copyright 2008 Pages: 230 Available June 2008 Order by May 31, 2008 and save! List price: Select your location for price. Discounted price is indicated below. No other discounts apply.
	Select your location for price.
Description Contents Author Chapter "A fascinating look at the new direction fuzzing technology is taking — useful for both QA engineers and bug hunters alike!" —Dave Aitel, CTO, Immunity Inc. Learn the code cracker’s malicious mindset, so you can find worn-size holes in the software you are designing, testing, and building. Fuzzing for Software Security Testing and Quality Assurance takes a weapon from the black-hat arsenal to give you a powerful new tool to build secure, high-quality software. This practical resource helps you add extra protection without adding expense or time to already tight schedules and budgets. The book shows you how to make fuzzing a standard practice that integrates seamlessly with all development activities. This comprehensive reference goes through each phase of software development and points out where testing and auditing can tighten security. It surveys all popular commercial fuzzing tools and explains how to select the right one for a software development project. The book also identifies those cases where commercial tools fall short and when there is a need for building your own fuzzing tools. Introduction—Software Security. Software Quality. Fuzzing. Book Goals and Layout. Software Vulnerability Analysis—Purpose of Vulnerability Analysis. People Conducting Vulnerability Analysis. Target Software. Basic Bug Categories. Bug Hunting Techniques. Fuzzing. Defenses. Quality Assurance and Testing—Quality Assurance and Security. Measuring Quality, Testing for Quality. Main Categories of Testing. White-Box Testing. Black-Box Testing. Purpose of Black-Box Testing. Testing Metrics. Black-Box Testing Techniques for Security. Summary. Fuzzing Metrics—Threat Analysis and Risk-Based Testing. Transition to Proactive Security. Defect Metrics and Security. Test Automation for Security. Summary. Building and Classifying Fuzzers—Fuzzing Methods. Detailed View of Fuzzer Types. Fuzzer Classification via Interface. Summary. Target Monitoring—What Can Go Wrong and What Does It Look Like. Methods of Monitoring. Advanced Methods. Monitoring Overview. A Test Program. Case Study: PCRE. Summary. Advanced Fuzzing—Automatic Protocol Discovery. Using Code Coverage Information. Symbolic Execution. Evolutionary Fuzzing. Summary. Fuzzer Comparison—Fuzzing Lifecycle. Evaluating Fuzzers. Introducing the Fuzzers. The Targets. The Bugs. Results. A Closer Look at the Results. General Conclusions. Summary. Fuzzing Case Studies—Enterprise Fuzzing. Carrier and Service Provider Fuzzing. Application Developer Fuzzing. Network Equipment Manufacturer Fuzzing. Industrial Automation Fuzzing. Blackbox Fuzzing for Security Researchers. Summary. *Ari Takanen* is the chief technical officer at Codenomicon, a software fuzzing tool company. A noted speaker and author on software testing and security, he is a graduate of Finland’s University of Oulo, where he did research with the university’s Secure Programming Group. *Jared D. DeMott* is a software vulnerability researcher, speaker, teacher, and author. He is a leading expert on fuzzing and fuzzing tools . He earned an M.S. in computer science from Johns Hopkins University and is a Ph.D. candidate at Michigan State University. *Charlie Miller* is principal analyst at Independent Security Evaluators. Previously, he spent five years at the National Security Agency. He is probably best known as the first to publicly create a remote exploit against the iPhone. Dr. Miller is also a frequent speaker at major computer security conferences. He earned his Ph.D. from the University of Notre Dame. Click here to download a sample chapter from this title in PDF format.

Sign up to receive our monthly email newsletter to get the latest title news, author insights and exclusive savings offers. Plus, you could win a FREE Artech House book of your choice.

Congratulations to May's Winner: Kent Lechmere

Cognitive Radio resources at 20% off!

Quantitative Analysis of Cognitive Radio and Network Performance
by Preston Marshall

Artificial Intelligence in Wireless Communications
by Thomas W. Rondeau and Charles W. Bostian

Join the Artech community on Facebook for the latest title release, event and exclusive promotions news.

Methods in Bioengineering - A revolutionary new book Series focused on step-by-step laboratory methods in Bioengineering.

Radarscan - Come get the latest word on books, authors, and offers for radar engineers