pFUZZING/ppMaster One of Today's Most Powerful Techniques for Revealing Security Flaws!/ppFuzzing has evolved into one of today's most effective approaches to test software security. To "fuzz," you attach a program's inputs to a source of random data, and then systematically identify the failures that arise. Hackers have/pprelied on fuzzing for years: Now, it's your turn. In this book, renowned fuzzing experts show you how to use fuzzing to reveal weaknesses in your software before someone else does./ppi /i/ppiFuzzing /iis the first and only book to cover fuzzing from start to finish, bringing disciplined best practices to a technique that has traditionally been implemented informally. The authors begin by reviewing how fuzzing works and outlining its crucial advantages over other security testing methods. Next, they introduce state-of-the-art fuzzing techniques for finding vulnerabilities in network protocols, file formats, and web applications; demonstrate the use of automated fuzzing tools; and present several insightful case histories showing fuzzing at work. Coverage includes:/pp /pp- Why fuzzing simplifies test design and catches flaws other methods miss/pp- The fuzzing process: from identifying inputs to assessing "exploitability"/pp- Understanding the requirements for effective fuzzing/pp- Comparing mutation-based and generation-based fuzzers/pp- Using and automating environment variable and argument fuzzing/pp- Mastering in-memory fuzzing techniques/pp- Constructing custom fuzzing frameworks and tools/pp- Implementing intelligent fault detection/pp /ppAttackers are already using fuzzing. You should, too. Whether you're a developer, security engineer, tester, or QA specialist, this book teaches you how to build secure software./pp /ppForeword xix/ppPreface xxi/ppAcknowledgments xxv/ppAbout the Author xxvii/ppbP/bbARTI B/bbACKGROUND 1/b/ppChapter 1 Vulnerability Discovery Methodologies 3/ppChapter 2 What Is Fuzzing? 21/ppChapter 3 Fuzzing Methods and Fuzzer Types 33/ppChapter 4 Data Representation and Analysis 45/ppChapter 5 Requirements for Effective Fuzzing 61/ppbP/bbART II T/bbARGETS AND A/bbUTOMATION 71/b/ppChapter 6 Automation and Data Generation 73/ppChapter 7 Environment Variable and Argument Fuzzing 89/ppChapter 8 Environment Variable and Argument Fuzzing: Automation 103/ppChapter 9 Web Application and Server Fuzzing 113/ppChapter 10 Web Application and Server Fuzzing: Automation 137/ppChapter 11 File Format Fuzzing 169/ppChapter 12 File Format Fuzzing: Automation on UNIX 181/ppChapter 13 File Format Fuzzing: Automation on Windows 197/ppChapter 14 Network Protocol Fuzzing 223/ppChapter 15 Network Protocol Fuzzing: Automation on UNIX 235/ppChapter 16 Network Protocol Fuzzing: Automation on Windows 249/ppChapter 17 Web Browser Fuzzing 267/ppChapter 18 Web Browser Fuzzing: Automation 283/ppChapter 19 In-Memory Fuzzing 301/ppChapter 20 In-Memory Fuzzing: Automation 315/ppbP/bbART III A/bbDVANCED F/bbUZZING T/bbECHNOLOGIES 349/b/ppChapter 21 Fuzzing Frameworks 351/ppChapter 22 Automated Protocol Dissection 419/ppChapter 23 Fuzzer Tracking 437/ppChapter 24 Intelligent Fault Detection 471/ppbP/bbART IV L/bbOOKING F/bbORWARD 495/b/ppChapter 25 Lessons Learned 497/ppChapter 26 Looking Forward 507/ppIndex 519/pp /pp /p