Software is infested with security flaws that can be misused by hackers. Current test automation does not cover negative or crash testing of software, and security experts are relying on penetration tests that focus on finding old known flaws rather than new. This book approaches the problem with the mindset of a hacker and explores the method they use to find flaws in software. The aim is give you a powerful new tool to fix worm-size holes in your own design, testing and building without adding expense or time to already tight software development schedules and budgets. Fuzzing is a software testing approach where carefully designed or just randomly generated unexpected inputs are sent to software a device in order to crash it. It's the most used technique hackers use to find security bugs. The book shows how to make it a standard practice that integrates seamlessly with other development activities and goes through each phase of software development and points out where testing and auditing can tighten security. The book also identifies cases where available tools fall short and surveys other popular fuzzing tools and techniques that work better.

Seller Inventory # LU-9781608078509

Contact seller

Report this item

Bibliographic Details

Title: Fuzzing for Software Security Testing and Quality Assurance
Publisher: Artech House Publishers, US
Publication Date: 2018
Language: English
ISBN 10: 1608078507
ISBN 13: 9781608078509
Binding: Hardback
Edition: 2nd Edition
Condition: New

About this title

Synopsis

This edition introduces fuzzing as a process, goes through commercial tools, and explains what the customer requirements are for fuzzing. The advancement of evolutionary fuzzing tools, including American Fuzzy Lop (AFL) and the emerging full fuzz test automation systems, are explored. Traditional software programmers and testers learn how to make fuzzing a standard practice that integrates seamlessly with all development activities. It surveys all popular commercial fuzzing tools and explains how to select the right one for software development projects.This edition introduces fuzzing as a process, goes through commercial tools, and explains what the customer requirements are for fuzzing. The advancement of evolutionary fuzzing tools, including American Fuzzy Lop (AFL) and the emerging full fuzz test automation systems, are explored. Traditional software programmers and testers learn how to make fuzzing a standard practice that integrates seamlessly with all development activities. It surveys all popular commercial fuzzing tools and explains how to select the right one for software development projects.

About the Author

Ari Takanen is an investor and startup advisor at Kielo Growth business incubator company. He is also cofounder of Codenomicon, a software fuzzing tool company acquired by Synopsys. A noted speaker and author on software testing and security, he is a graduate of Finland's University of Oulo, where he did research with the university's Secure Programming Group. Jared D. DeMott is the founder of Vulnerability Discovery & Analysis (VDA) Labs. He earned an M.S. in computer science from Johns Hopkins University and is a Ph.D. candidate at Michigan State University. Charlie Miller is a principal autonomous vehicle security architect at Cruise Automation. Previously, he spent five years at the National Security Agency as a computer hacker. He earned his Ph.D. in mathematics from the U. of Notre Dame. Atte Kettunen is a software security expert at F-Secure Corporation. He received his master's degree in computer security from Oulun yliopisto.

"About this title" may belong to another edition of this title.