Fuzzing for Software Security Testing and Quality Assurance, Second Edition
- 6h 27m
- Ari Takanen, Atte Kettunen, Charlie Miller, Jared DeMott
- Artech House
- 2018
This newly revised and expanded second edition of the popular Artech House title, Fuzzing for Software Security Testing and Quality Assurance, provides practical and professional guidance on how and why to integrate fuzzing into the software development lifecycle. This edition introduces fuzzing as a process, goes through commercial tools, and explains what the customer requirements are for fuzzing. The advancement of evolutionary fuzzing tools, including American Fuzzy Lop (AFL), and the emerging full fuzz test automation systems are explored in this edition. Traditional software programmers and testers will learn how to make fuzzing a standard practice that integrates seamlessly with all development activities. It surveys all popular commercial fuzzing tools and explains how to select the right one for software development projects.
This book is a powerful new tool for building secure, high-quality software by taking a weapon from the malicious hacker’s arsenal. This practical resource helps engineers find and patch flaws in software before harmful viruses, worms, and Trojans can use these vulnerabilities to rampage through systems. The book shows how to make fuzzing a standard practice that integrates seamlessly with all development activities.
About the Authors
Ari Takanen is an investor and startup advisor at Kielo Growth, a business incubator company. He is also cofounder of Codenomicon, a software fuzzing tool company acquired by Synopsys. A noted speaker and author on software testing and security, he is a graduate of Finland's University of Oulu, where he did research with the university's Secure Programming Group.
Jared D. DeMott is the founder of Vulnerability Discovery & Analysis (VDA) Labs. He earned an M.S. in computer science from Johns Hopkins University and is a Ph.D. candidate at Michigan State University.
Charlie Miller is a principal autonomous vehicle security architect at Cruise Automation. Previously, he spent five years at the National Security Agency as a computer hacker. He earned his Ph.D. in mathematics from the University of Notre Dame.
Atte Kettunen is a software security expert at F-Secure Corporation. He received his master's degree in computer security from Oulun yliopisto.
In this Book
- Introduction
- Software Vulnerability Analysis
- Quality Assurance and Testing
- Fuzzing Metrics
- Building and Classifying Fuzzers
- Target Monitoring
- Advanced Fuzzing
- Fuzzer Comparison
- Fuzzing Case Studies