Grammar-based whitebox fuzzing
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Visual Reverse Engineering of Binary and Data Files
VizSec '08 Proceedings of the 5th international workshop on Visualization for Computer Security
Taint-based directed whitebox fuzzing
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
Proceedings of the eighteenth international symposium on Software testing and analysis
Case study: experiences on SQL language fuzz testing
Proceedings of the Second International Workshop on Testing Database Systems
Fuzzing and delta-debugging SMT solvers
Proceedings of the 7th International Workshop on Satisfiability Modulo Theories
Testing system virtual machines
Proceedings of the 19th international symposium on Software testing and analysis
Testing and debugging techniques for answer set solver development
Theory and Practice of Logic Programming
From test cases to FSMs: augmented test-driven development and property inference
Proceedings of the 9th ACM SIGPLAN workshop on Erlang
Representation dependence testing using program inversion
Proceedings of the eighteenth ACM SIGSOFT international symposium on Foundations of software engineering
Efficient file fuzz testing using automated analysis of binary file format
Journal of Systems Architecture: the EUROMICRO Journal
System Assurance: Beyond Detecting Vulnerabilities
System Assurance: Beyond Detecting Vulnerabilities
Fuzzing the out-of-memory killer on embedded Linux: an adaptive random approach
Proceedings of the 2011 ACM Symposium on Applied Computing
Checksum-Aware Fuzzing Combined with Dynamic Taint Analysis and Symbolic Execution
ACM Transactions on Information and System Security (TISSEC)
Vulnerability extrapolation: assisted discovery of vulnerabilities using machine learning
WOOT'11 Proceedings of the 5th USENIX conference on Offensive technologies
Automated testing and debugging of SAT and QBF solvers
SAT'10 Proceedings of the 13th international conference on Theory and Applications of Satisfiability Testing
Tradeoffs in targeted fuzzing of cyber systems by defenders and attackers
Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research
Proceedings of the 50th Annual Southeast Regional Conference
SP 800-142. Practical Combinatorial Testing
SP 800-142. Practical Combinatorial Testing
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Generalized vulnerability extrapolation using abstract syntax trees
Proceedings of the 28th Annual Computer Security Applications Conference
CONFU: Configuration Fuzzing Testing Framework for Software Vulnerability Detection
International Journal of Secure Software Engineering
A test case generation technique for VMM fuzzing
ICT-EurAsia'13 Proceedings of the 2013 international conference on Information and Communication Technology
Semi-valid input coverage for fuzz testing
Proceedings of the 2013 International Symposium on Software Testing and Analysis
Fuzzing the ActionScript virtual machine
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
Chucky: exposing missing checks in source code for vulnerability discovery
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
A methodology for testing CPU emulators
ACM Transactions on Software Engineering and Methodology (TOSEM) - Testing, debugging, and error handling, formal methods, lifecycle concerns, evolution and maintenance
Dowsing for overflows: a guided fuzzer to find buffer boundary violations
SEC'13 Proceedings of the 22nd USENIX conference on Security
| Hi-index | 0.00 |
FUZZINGMaster One of Today's Most Powerful Techniques for Revealing Security Flaws!Fuzzing has evolved into one of today's most effective approaches to test software security. To “fuzz,” you attach a program's inputs to a source of random data, and then systematically identify the failures that arise. Hackers haverelied on fuzzing for years: Now, it's your turn. In this book, renowned fuzzing experts show you how to use fuzzing to reveal weaknesses in your software before someone else does.Fuzzing is the first and only book to cover fuzzing from start to finish, bringing disciplined best practices to a technique that has traditionally been implemented informally. The authors begin by reviewing how fuzzing works and outlining its crucial advantages over other security testing methods. Next, they introduce state-of-the-art fuzzing techniques for finding vulnerabilities in network protocols, file formats, and web applications; demonstrate the use of automated fuzzing tools; and present several insightful case histories showing fuzzing at work. Coverage includes:· Why fuzzing simplifies test design and catches flaws other methods miss· The fuzzing process: from identifying inputs to assessing “exploitability”· Understanding the requirements for effective fuzzing· Comparing mutation-based and generation-based fuzzers· Using and automating environment variable and argument fuzzing· Mastering in-memory fuzzing techniques· Constructing custom fuzzing frameworks and tools· Implementing intelligent fault detectionAttackers are already using fuzzing. You should, too. Whether you're a developer, security engineer, tester, or QA specialist, this book teaches you how to build secure software.Forewordï戮 ï戮 ï戮 ï戮 xix Prefaceï戮 ï戮 ï戮 ï戮 ï戮 ï戮 ï戮 xxiAcknowledgmentsï戮 xxvAbout the Authorï戮 ï戮 xxvii PARTIï戮 ï戮 ï戮 ï戮 ï戮 ï戮 ï戮 ï戮 BACKGROUNDï戮 ï戮 ï戮 ï戮 1Chapter 1ï戮 ï戮 ï戮 Vulnerability Discovery Methodologiesï戮 3Chapter 2ï戮 ï戮 ï戮 What Is Fuzzing?ï戮 ï戮 21Chapter 3ï戮 ï戮 ï戮 Fuzzing Methods and Fuzzer Typesï戮 ï戮 ï戮 ï戮 33Chapter 4ï戮 ï戮 ï戮 Data Representation and Analysisï戮 ï戮 ï戮 ï戮 ï戮 ï戮 ï戮 45Chapter 5ï戮 ï戮 ï戮 Requirements for Effective Fuzzingï戮 ï戮 ï戮 ï戮 ï戮 61PART IIï戮 ï戮 ï戮 ï戮 ï戮 TARGETS AND AUTOMATIONï戮 ï戮 ï戮 ï戮 ï戮 ï戮 ï戮 ï戮 ï戮 71Chapter 6ï戮 ï戮 ï戮 Automation and Data Generationï戮 ï戮 ï戮 ï戮 ï戮 ï戮 ï戮 73Chapter 7ï戮 ï戮 ï戮 Environment Variable and Argument Fuzzing 89Chapter 8ï戮 ï戮 ï戮 Environment Variable and Argument Fuzzing: Automation 103Chapter 9ï戮 ï戮 ï戮 Web Application and Server Fuzzingï戮 ï戮 ï戮 ï戮 113Chapter 10ï戮 Web Application and Server Fuzzing: Automationï戮 ï戮 ï戮 137Chapter 11ï戮 File Format Fuzzingï戮 ï戮 ï戮 ï戮 ï戮 ï戮 ï戮 ï戮 169Chapter 12ï戮 File Format Fuzzing: Automation on UNIXï戮 ï戮 ï戮 ï戮 181Chapter 13ï戮 File Format Fuzzing: Automation on Windowsï戮 ï戮 ï戮 ï戮 ï戮 ï戮 ï戮 ï戮 197Chapter 14ï戮 Network Protocol Fuzzingï戮 ï戮 ï戮 ï戮 ï戮 ï戮 ï戮 ï戮 223Chapter 15ï戮 Network Protocol Fuzzing: Automation on UNIXï戮 ï戮 ï戮 ï戮 235Chapter 16ï戮 Network Protocol Fuzzing: Automation on Windowsï戮 ï戮 ï戮 ï戮 ï戮 ï戮 ï戮 ï戮 249Chapter 17ï戮 Web Browser Fuzzingï戮 ï戮 ï戮 ï戮 ï戮 267Chapter 18ï戮 Web Browser Fuzzing: Automationï戮 ï戮 ï戮 ï戮 283Chapter 19ï戮 In-Memory Fuzzingï戮 ï戮 ï戮 ï戮 ï戮 ï戮 ï戮 ï戮 301Chapter 20ï戮 In-Memory Fuzzing: Automationï戮 ï戮 ï戮 ï戮 ï戮 ï戮 ï戮 ï戮 315PART IIIï戮 ï戮 ï戮 ADVANCED FUZZING TECHNOLOGIESï戮 ï戮 ï戮 ï戮 ï戮 349Chapter 21ï戮 Fuzzing Frameworksï戮 ï戮 ï戮 ï戮 ï戮 ï戮 351Chapter 22ï戮 Automated Protocol Dissectionï戮 419Chapter 23ï戮 Fuzzer Trackingï戮 ï戮 ï戮 ï戮 437Chapter 24ï戮 Intelligent Fault Detection 471PART IVï戮 ï戮 ï戮 ï戮 LOOKING FORWARDï戮 ï戮 ï戮 495Chapter 25ï戮 Lessons Learnedï戮 ï戮 ï戮 497Chapter 26ï戮 Looking Forwardï戮 ï戮 ï戮 507Index 519