Fuzzing for software security testing and quality assurance
Main authors: | Ari Takanen, Jared DeMott, Charlie Miller, Atte Kettunen |
---|---|
Format: | Electronic E-Book |
Language: | English |
Published: | Boston, MA : Artech House, [2018] |
Edition: | Second edition. |
Series: | Artech House information security and privacy series. |
Subjects: | Computer security; Computer networks -- Security measures; Computer software -- Development |
Online access: | Full text |
Summary: | This newly revised and expanded second edition of the popular Artech House title, Fuzzing for Software Security Testing and Quality Assurance, provides practical and professional guidance on how and why to integrate fuzzing into the software development lifecycle. This edition introduces fuzzing as a process, goes through commercial tools, and explains what the customer requirements are for fuzzing. The advancement of evolutionary fuzzing tools, including American Fuzzy Lop (AFL) and the emerging full fuzz test automation systems are explored in this edition. Traditional software programmers and testers will learn how to make fuzzing a standard practice that integrates seamlessly with all development activities. It surveys all popular commercial fuzzing tools and explains how to select the right one for software development projects. This book is a powerful new tool to build secure, high-quality software taking a weapon from the malicious hacker's arsenal. This practical resource helps engineers find and patch flaws in software before harmful viruses, worms, and Trojans can use these vulnerabilities to rampage systems. The book shows how to make fuzzing a standard practice that integrates seamlessly with all development activities. |
Description: | 1 online resource : illustrations |
Bibliography: | Includes bibliographical references and index. |
ISBN: | 9781630815196 1630815195 |
Internal format
MARC
LEADER | 00000cam a2200000 i 4500 | ||
---|---|---|---|
001 | ZDB-4-EBA-on1040072327 | ||
003 | OCoLC | ||
005 | 20241004212047.0 | ||
006 | m o d | ||
007 | cr cnu---unuuu | ||
008 | 180614s2018 maua ob 001 0 eng d | ||
040 | |a N$T |b eng |e rda |e pn |c N$T |d N$T |d YDX |d EBLCP |d OCLCF |d CUV |d CUY |d NRC |d OCLCQ |d K6U |d UKAHL |d IEEEE |d OCLCO |d OCLCQ |d OCLCO |d UPM |d OCLCQ |d OCLCO |d OCLCL |d OCLCQ | ||
019 | |a 1039926205 | ||
020 | |a 9781630815196 |q (electronic bk.) | ||
020 | |a 1630815195 |q (electronic bk.) | ||
020 | |z 9781608078509 | ||
020 | |z 1608078507 | ||
035 | |a (OCoLC)1040072327 |z (OCoLC)1039926205 | ||
050 | 4 | |a QA76.9.A25 |b F89 2018eb | |
072 | 7 | |a COM |x 053000 |2 bisacsh | |
082 | 7 | |a 005.8 |2 23 | |
049 | |a MAIN | ||
245 | 0 | 0 | |a Fuzzing for software security testing and quality assurance / |c Ari Takanen, Jared DeMott, Charlie Miller, Atte Kettunen. |
250 | |a Second edition. | ||
264 | 1 | |a Boston, MA : |b Artech House, |c [2018] | |
264 | 4 | |c ©2018 | |
300 | |a 1 online resource : |b illustrations | ||
336 | |a text |b txt |2 rdacontent | ||
337 | |a computer |b c |2 rdamedia | ||
338 | |a online resource |b cr |2 rdacarrier | ||
490 | 1 | |a Artech House information security and privacy series | |
588 | 0 | |a Print version record. | |
588 | 0 | |a Online resource; title from PDF title page (EBSCO, viewed June 15, 2018) | |
504 | |a Includes bibliographical references and index. | ||
505 | 0 | |a Intro; Fuzzing for Software Security Testing and Quality Assurance, Second Edition; Foreword from the First Edition; Foreword to the Second Edition; Preface from the First Edition; Preface to the Second Edition; Chapter 1 Introduction; 1.1 Software Security; 1.1.1 Security Incident; 1.1.2 Disclosure Processes; 1.1.3 Attack Surfaces and Attack Vectors; 1.1.4 Reasons Behind Security Mistakes; 1.1.5 Proactive Security; 1.1.6 Security Requirements; 1.2 Software Quality; 1.2.1 Cost-Benefit of Quality; 1.2.2 Target of Test; 1.2.3 Testing Purposes and Test Verdicts; 1.2.4 Structural Testing | |
505 | 8 | |a 1.2.5 Functional Testing; 1.2.6 Code Auditing; 1.3 Introduction to Fuzzing; 1.3.1 Brief History of Fuzzing; 1.3.2 Fuzzing Overview; 1.3.3 Vulnerabilities Found with Fuzzing; 1.3.4 Fuzzer Types; 1.3.5 Logical Structure of a Fuzzer; 1.3.6 Fuzzing Process; 1.3.7 Fuzzing Frameworks and Test Suites; 1.3.8 Fuzzing and the Enterprise; 1.4 Book Goals and Layout; Chapter 2 Software Vulnerability Analysis; 2.1 Purpose of Vulnerability Analysis; 2.1.1 Security and Vulnerability Scanners; 2.2 People Conducting Vulnerability Analysis; 2.2.1 Hackers; 2.2.2 Vulnerability Analysts or Security Researchers | |
505 | 8 | |a 2.2.3 Penetration Testers; 2.2.4 Software Security Testers; 2.2.5 IT Security Engineers; 2.3 Target Software; 2.4 Basic Bug Categories; 2.4.1 Memory Corruption Errors; 2.4.2 Web Applications; 2.4.3 Brute Force Login; 2.4.4 Race Condition; 2.4.5 Denial of Service; 2.4.6 Session Hijacking; 2.4.7 Man in the Middle; 2.4.8 Cryptographic Attacks; 2.5 Bug Hunting Techniques; 2.5.1 Reverse Engineering; 2.5.2 Source Code Auditing; 2.6 Fuzzing; 2.6.1 Basic Terms; 2.6.2 Hostile Data; 2.6.3 Number of Tests; 2.7 Defenses; 2.7.1 Why Fuzzing Works; 2.7.2 Defensive Coding; 2.7.3 Input Verification | |
505 | 8 | |a 2.7.4 Hardware Overflow Protection; 2.7.5 Software Overflow Protection; 2.8 Summary; Chapter 3 Quality Assurance and Testing; 3.1 Quality Assurance and Security; 3.1.1 Security in Software Development; 3.1.2 Security Defects; 3.2 Measuring Quality; 3.2.1 Quality Is About Validation of Features; 3.2.2 Quality Is About Finding Defects; 3.2.3 Quality Is a Feedback Loop to Development; 3.2.4 Quality Brings Visibility to the Development Process; 3.2.5 End Users' Perspective; 3.3 Testing for Quality; 3.3.1 V-Model; 3.3.2 Testing on the Developer's Desktop; 3.3.3 Testing the Design | |
505 | 8 | |a 3.4 Main Categories of Testing; 3.4.1 Validation Testing Versus Defect Testing; 3.4.2 Structural Versus Functional Testing; 3.5 White-Box Testing; 3.5.1 Making the Code Readable; 3.5.2 Inspections and Reviews; 3.5.3 Code Auditing; 3.6 Black-Box Testing; 3.6.1 Software Interfaces; 3.6.2 Test Targets; 3.6.3 Fuzz Testing as a Profession; 3.7 Purposes of Black-Box Testing; 3.7.1 Conformance Testing; 3.7.2 Functional Security Testing; 3.7.3 Functional Safety Testing; 3.7.4 Interoperability Testing; 3.7.5 Performance Testing; 3.7.6 Robustness Testing; 3.8 Testing Metrics; 3.8.1 Specification Coverage | |
520 | 3 | |a This newly revised and expanded second edition of the popular Artech House title, Fuzzing for Software Security Testing and Quality Assurance, provides practical and professional guidance on how and why to integrate fuzzing into the software development lifecycle. This edition introduces fuzzing as a process, goes through commercial tools, and explains what the customer requirements are for fuzzing. The advancement of evolutionary fuzzing tools, including American Fuzzy Lop (AFL) and the emerging full fuzz test automation systems are explored in this edition. Traditional software programmers and testers will learn how to make fuzzing a standard practice that integrates seamlessly with all development activities. It surveys all popular commercial fuzzing tools and explains how to select the right one for software development projects. This book is a powerful new tool to build secure, high-quality software taking a weapon from the malicious hacker's arsenal. This practical resource helps engineers find and patch flaws in software before harmful viruses, worms, and Trojans can use these vulnerabilities to rampage systems. The book shows how to make fuzzing a standard practice that integrates seamlessly with all development activities. |c Publisher abstract. | |
650 | 0 | |a Computer security. |0 http://id.loc.gov/authorities/subjects/sh90001862 | |
650 | 0 | |a Computer networks |x Security measures. |0 http://id.loc.gov/authorities/subjects/sh94001277 | |
650 | 0 | |a Computer software |x Development. |0 http://id.loc.gov/authorities/subjects/sh85029535 | |
650 | 2 | |a Computer Security |0 https://id.nlm.nih.gov/mesh/D016494 | |
650 | 6 | |a Sécurité informatique. | |
650 | 6 | |a Réseaux d'ordinateurs |x Sécurité |x Mesures. | |
650 | 7 | |a COMPUTERS |x Security |x General. |2 bisacsh | |
650 | 7 | |a Computer networks |x Security measures |2 fast | |
650 | 7 | |a Computer security |2 fast | |
650 | 7 | |a Computer software |x Development |2 fast | |
700 | 1 | |a Takanen, Ari, |e author. |0 http://id.loc.gov/authorities/names/n2007030098 | |
700 | 1 | |a DeMott, Jared, |e author. |0 http://id.loc.gov/authorities/names/nb2008017733 | |
700 | 1 | |a Miller, Charles, |d 1951- |e author. |1 https://id.oclc.org/worldcat/entity/E39PCjHtRGBPW6CbtxXtFBpF8C |0 http://id.loc.gov/authorities/names/n94094332 | |
700 | 1 | |a Kettunen, Atte, |e author. | |
776 | 0 | 8 | |i Print version: |t Fuzzing for software security testing and quality assurance. |b Second edition. |d Norwood, MA : Artech House, [2018] |z 1608078507 |w (OCoLC)1005685377 |
830 | 0 | |a Artech House information security and privacy series. |0 http://id.loc.gov/authorities/names/no2007048455 | |
856 | 4 | 0 | |l FWS01 |p ZDB-4-EBA |q FWS_PDA_EBA |u https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1825934 |3 Volltext |
938 | |a Askews and Holts Library Services |b ASKH |n AH36384991 | ||
938 | |a ProQuest Ebook Central |b EBLB |n EBL5430720 | ||
938 | |a EBSCOhost |b EBSC |n 1825934 | ||
938 | |a IEEE |b IEEE |n 9100404 | ||
938 | |a YBP Library Services |b YANK |n 15503380 | ||
994 | |a 92 |b GEBAY | ||
912 | |a ZDB-4-EBA | ||
049 | |a DE-863 |
Datensatz im Suchindex
DE-BY-FWS_katkey | ZDB-4-EBA-on1040072327 |
---|---|
_version_ | 1816882462488264705 |
adam_text | |
any_adam_object | |
author | Takanen, Ari DeMott, Jared Miller, Charles, 1951- Kettunen, Atte |
author_GND | http://id.loc.gov/authorities/names/n2007030098 http://id.loc.gov/authorities/names/nb2008017733 http://id.loc.gov/authorities/names/n94094332 |
author_facet | Takanen, Ari DeMott, Jared Miller, Charles, 1951- Kettunen, Atte |
author_role | aut aut aut aut |
author_sort | Takanen, Ari |
author_variant | a t at j d jd c m cm a k ak |
building | Verbundindex |
bvnumber | localFWS |
callnumber-first | Q - Science |
callnumber-label | QA76 |
callnumber-raw | QA76.9.A25 F89 2018eb |
callnumber-search | QA76.9.A25 F89 2018eb |
callnumber-sort | QA 276.9 A25 F89 42018EB |
callnumber-subject | QA - Mathematics |
collection | ZDB-4-EBA |
contents | Intro; Fuzzing for Software Security Testing and Quality Assurance, Second Edition; Foreword from the First Edition; Foreword to the Second Edition; Preface from the First Edition; Preface to the Second Edition; Chapter 1 Introduction; 1.1 Software Security; 1.1.1 Security Incident; 1.1.2 Disclosure Processes; 1.1.3 Attack Surfaces and Attack Vectors; 1.1.4 Reasons Behind Security Mistakes; 1.1.5 Proactive Security; 1.1.6 Security Requirements; 1.2 Software Quality; 1.2.1 Cost-Benefit of Quality; 1.2.2 Target of Test; 1.2.3 Testing Purposes and Test Verdicts; 1.2.4 Structural Testing 1.2.5 Functional Testing1.2.6 Code Auditing; 1.3 Introduction to Fuzzing; 1.3.1 Brief History of Fuzzing; 1.3.2 Fuzzing Overview; 1.3.3 Vulnerabilities Found with Fuzzing; 1.3.4 Fuzzer Types; 1.3.5 Logical Structure of a Fuzzer; 1.3.6 Fuzzing Process; 1.3.7 Fuzzing Frameworks and Test Suites; 1.3.8 Fuzzing and the Enterprise; 1.4 Book Goals and Layout; Chapter 2 Software Vulnerability Analysis; 2.1 Purpose of Vulnerability Analysis; 2.1.1 Security and Vulnerability Scanners; 2.2 People Conducting Vulnerability Analysis; 2.2.1 Hackers; 2.2.2 Vulnerability Analysts or Security Researchers 2.2.3 Penetration Testers2.2.4 Software Security Testers; 2.2.5 IT Security Engineers; 2.3 Target Software; 2.4 Basic Bug Categories; 2.4.1 Memory Corruption Errors; 2.4.2 Web Applications; 2.4.3 Brute Force Login; 2.4.4 Race Condition; 2.4.5 Denial of Service; 2.4.6 Session Hijacking; 2.4.7 Man in the Middle; 2.4.8 Cryptographic Attacks; 2.5 Bug Hunting Techniques; 2.5.1 Reverse Engineering; 2.5.2 Source Code Auditing; 2.6 Fuzzing; 2.6.1 Basic Terms; 2.6.2 Hostile Data; 2.6.3 Number of Tests; 2.7 Defenses; 2.7.1 Why Fuzzing Works; 2.7.2 Defensive Coding; 2.7.3 Input Verification 2.7.4 Hardware Overflow Protection2.7.5 Software Overflow Protection; 2.8 Summary; Chapter 3 Quality Assurance and Testing; 3.1 Quality Assurance and Security; 3.1.1 Security in Software Development; 3.1.2 Security 
Defects; 3.2 Measuring Quality; 3.2.1 Quality Is About Validation of Features; 3.2.2 Quality Is About Finding Defects; 3.2.3 Quality Is a Feedback Loop to Development; 3.2.4 Quality Brings Visibility to the Development Process; 3.2.5 End Users' Perspective; 3.3 Testing for Quality; 3.3.1 V-Model; 3.3.2 Testing on the Developer's Desktop; 3.3.3 Testing the Design 3.4 Main Categories of Testing3.4.1 Validation Testing Versus Defect Testing; 3.4.2 Structural Versus Functional Testing; 3.5 White-Box Testing; 3.5.1 Making the Code Readable; 3.5.2 Inspections and Reviews; 3.5.3 Code Auditing; 3.6 Black-Box Testing; 3.6.1 Software Interfaces; 3.6.2 Test Targets; 3.6.3 Fuzz Testing as a Profession; 3.7 Purposes of Black-Box Testing; 3.7.1 Conformance Testing; 3.7.2 Functional Security Testing; 3.7.3 Functional Safety Testing; 3.7.4 Interoperability Testing; 3.7.5 Performance Testing; 3.7.6 Robustness Testing; 3.8 Testing Metrics; 3.8.1 Specification Coverage |
ctrlnum | (OCoLC)1040072327 |
dewey-full | 005.8 |
dewey-hundreds | 000 - Computer science, information, general works |
dewey-ones | 005 - Computer programming, programs, data, security |
dewey-raw | 005.8 |
dewey-search | 005.8 |
dewey-sort | 15.8 |
dewey-tens | 000 - Computer science, information, general works |
discipline | Informatik |
edition | Second edition. |
format | Electronic eBook |
fullrecord | <?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>07451cam a2200721 i 4500</leader><controlfield tag="001">ZDB-4-EBA-on1040072327</controlfield><controlfield tag="003">OCoLC</controlfield><controlfield tag="005">20241004212047.0</controlfield><controlfield tag="006">m o d </controlfield><controlfield tag="007">cr cnu---unuuu</controlfield><controlfield tag="008">180614s2018 maua ob 001 0 eng d</controlfield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">N$T</subfield><subfield code="b">eng</subfield><subfield code="e">rda</subfield><subfield code="e">pn</subfield><subfield code="c">N$T</subfield><subfield code="d">N$T</subfield><subfield code="d">YDX</subfield><subfield code="d">EBLCP</subfield><subfield code="d">OCLCF</subfield><subfield code="d">CUV</subfield><subfield code="d">CUY</subfield><subfield code="d">NRC</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">K6U</subfield><subfield code="d">UKAHL</subfield><subfield code="d">IEEEE</subfield><subfield code="d">OCLCO</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">OCLCO</subfield><subfield code="d">UPM</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">OCLCO</subfield><subfield code="d">OCLCL</subfield><subfield code="d">OCLCQ</subfield></datafield><datafield tag="019" ind1=" " ind2=" "><subfield code="a">1039926205</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781630815196</subfield><subfield code="q">(electronic bk.)</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">1630815195</subfield><subfield code="q">(electronic bk.)</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="z">9781608078509</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="z">1608078507</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)1040072327</subfield><subfield 
code="z">(OCoLC)1039926205</subfield></datafield><datafield tag="050" ind1=" " ind2="4"><subfield code="a">QA76.9.A25</subfield><subfield code="b">F89 2018eb</subfield></datafield><datafield tag="072" ind1=" " ind2="7"><subfield code="a">COM</subfield><subfield code="x">053000</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="082" ind1="7" ind2=" "><subfield code="a">005.8</subfield><subfield code="2">23</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">MAIN</subfield></datafield><datafield tag="245" ind1="0" ind2="0"><subfield code="a">Fuzzing for software security testing and quality assurance /</subfield><subfield code="c">Ari Takanen, Jared DeMott, Charlie Miller, Atte Kettunen.</subfield></datafield><datafield tag="250" ind1=" " ind2=" "><subfield code="a">Second edition.</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">Boston, MA :</subfield><subfield code="b">Artech House,</subfield><subfield code="c">[2018]</subfield></datafield><datafield tag="264" ind1=" " ind2="4"><subfield code="c">©2018</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">1 online resource :</subfield><subfield code="b">illustrations</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="a">text</subfield><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="a">computer</subfield><subfield code="b">c</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="a">online resource</subfield><subfield code="b">cr</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="490" ind1="1" ind2=" "><subfield code="a">Artech House information security and privacy series</subfield></datafield><datafield tag="588" ind1="0" ind2=" "><subfield code="a">Print version record.</subfield></datafield><datafield 
tag="588" ind1="0" ind2=" "><subfield code="a">Online resource; title from PDF title page (EBSCO, viewed June 15, 2018)</subfield></datafield><datafield tag="504" ind1=" " ind2=" "><subfield code="a">Includes bibliographical references and index.</subfield></datafield><datafield tag="505" ind1="0" ind2=" "><subfield code="a">Intro; Fuzzing for Software Security Testing and Quality Assurance, Second Edition; Foreword from the First Edition; Foreword to the Second Edition; Preface from the First Edition; Preface to the Second Edition; Chapter 1 Introduction; 1.1 Software Security; 1.1.1 Security Incident; 1.1.2 Disclosure Processes; 1.1.3 Attack Surfaces and Attack Vectors; 1.1.4 Reasons Behind Security Mistakes; 1.1.5 Proactive Security; 1.1.6 Security Requirements; 1.2 Software Quality; 1.2.1 Cost-Benefit of Quality; 1.2.2 Target of Test; 1.2.3 Testing Purposes and Test Verdicts; 1.2.4 Structural Testing</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">1.2.5 Functional Testing1.2.6 Code Auditing; 1.3 Introduction to Fuzzing; 1.3.1 Brief History of Fuzzing; 1.3.2 Fuzzing Overview; 1.3.3 Vulnerabilities Found with Fuzzing; 1.3.4 Fuzzer Types; 1.3.5 Logical Structure of a Fuzzer; 1.3.6 Fuzzing Process; 1.3.7 Fuzzing Frameworks and Test Suites; 1.3.8 Fuzzing and the Enterprise; 1.4 Book Goals and Layout; Chapter 2 Software Vulnerability Analysis; 2.1 Purpose of Vulnerability Analysis; 2.1.1 Security and Vulnerability Scanners; 2.2 People Conducting Vulnerability Analysis; 2.2.1 Hackers; 2.2.2 Vulnerability Analysts or Security Researchers</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">2.2.3 Penetration Testers2.2.4 Software Security Testers; 2.2.5 IT Security Engineers; 2.3 Target Software; 2.4 Basic Bug Categories; 2.4.1 Memory Corruption Errors; 2.4.2 Web Applications; 2.4.3 Brute Force Login; 2.4.4 Race Condition; 2.4.5 Denial of Service; 2.4.6 Session Hijacking; 2.4.7 Man in the Middle; 2.4.8 
Cryptographic Attacks; 2.5 Bug Hunting Techniques; 2.5.1 Reverse Engineering; 2.5.2 Source Code Auditing; 2.6 Fuzzing; 2.6.1 Basic Terms; 2.6.2 Hostile Data; 2.6.3 Number of Tests; 2.7 Defenses; 2.7.1 Why Fuzzing Works; 2.7.2 Defensive Coding; 2.7.3 Input Verification</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">2.7.4 Hardware Overflow Protection2.7.5 Software Overflow Protection; 2.8 Summary; Chapter 3 Quality Assurance and Testing; 3.1 Quality Assurance and Security; 3.1.1 Security in Software Development; 3.1.2 Security Defects; 3.2 Measuring Quality; 3.2.1 Quality Is About Validation of Features; 3.2.2 Quality Is About Finding Defects; 3.2.3 Quality Is a Feedback Loop to Development; 3.2.4 Quality Brings Visibility to the Development Process; 3.2.5 End Users' Perspective; 3.3 Testing for Quality; 3.3.1 V-Model; 3.3.2 Testing on the Developer's Desktop; 3.3.3 Testing the Design</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">3.4 Main Categories of Testing3.4.1 Validation Testing Versus Defect Testing; 3.4.2 Structural Versus Functional Testing; 3.5 White-Box Testing; 3.5.1 Making the Code Readable; 3.5.2 Inspections and Reviews; 3.5.3 Code Auditing; 3.6 Black-Box Testing; 3.6.1 Software Interfaces; 3.6.2 Test Targets; 3.6.3 Fuzz Testing as a Profession; 3.7 Purposes of Black-Box Testing; 3.7.1 Conformance Testing; 3.7.2 Functional Security Testing; 3.7.3 Functional Safety Testing; 3.7.4 Interoperability Testing; 3.7.5 Performance Testing; 3.7.6 Robustness Testing; 3.8 Testing Metrics; 3.8.1 Specification Coverage</subfield></datafield><datafield tag="520" ind1="3" ind2=" "><subfield code="a">This newly revised and expanded second edition of the popular Artech House title, Fuzzing for Software Security Testing and Quality Assurance, provides practical and professional guidance on how and why to integrate fuzzing into the software development lifecycle. 
This edition introduces fuzzing as a process, goes through commercial tools, and explains what the customer requirements are for fuzzing. The advancement of evolutionary fuzzing tools, including American Fuzzy Lop (AFL) and the emerging full fuzz test automation systems are explored in this edition. Traditional software programmers and testers will learn how to make fuzzing a standard practice that integrates seamlessly with all development activities. It surveys all popular commercial fuzzing tools and explains how to select the right one for software development projects.nnThis book is a powerful new tool to build secure, high-quality software taking a weapon from the malicious hacker's arsenal. This practical resource helps engineers find and patch flaws in software before harmful viruses, worms, and Trojans can use these vulnerabilities to rampage systems. The book shows how to make fuzzing a standard practice that integrates seamlessly with all development activities.</subfield><subfield code="c">Publisher abstract.</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Computer security.</subfield><subfield code="0">http://id.loc.gov/authorities/subjects/sh90001862</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Computer networks</subfield><subfield code="x">Security measures.</subfield><subfield code="0">http://id.loc.gov/authorities/subjects/sh94001277</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Computer software</subfield><subfield code="x">Development.</subfield><subfield code="0">http://id.loc.gov/authorities/subjects/sh85029535</subfield></datafield><datafield tag="650" ind1=" " ind2="2"><subfield code="a">Computer Security</subfield><subfield code="0">https://id.nlm.nih.gov/mesh/D016494</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Sécurité informatique.</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield 
code="a">Réseaux d'ordinateurs</subfield><subfield code="x">Sécurité</subfield><subfield code="x">Mesures.</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">COMPUTERS</subfield><subfield code="x">Security</subfield><subfield code="x">General.</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computer networks</subfield><subfield code="x">Security measures</subfield><subfield code="2">fast</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computer security</subfield><subfield code="2">fast</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computer software</subfield><subfield code="x">Development</subfield><subfield code="2">fast</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Takanen, Ari,</subfield><subfield code="e">author.</subfield><subfield code="0">http://id.loc.gov/authorities/names/n2007030098</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">DeMott, Jared,</subfield><subfield code="e">author.</subfield><subfield code="0">http://id.loc.gov/authorities/names/nb2008017733</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Miller, Charles,</subfield><subfield code="d">1951-</subfield><subfield code="e">author.</subfield><subfield code="1">https://id.oclc.org/worldcat/entity/E39PCjHtRGBPW6CbtxXtFBpF8C</subfield><subfield code="0">http://id.loc.gov/authorities/names/n94094332</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Kettunen, Atte,</subfield><subfield code="e">author.</subfield></datafield><datafield tag="776" ind1="0" ind2="8"><subfield code="i">Print version:</subfield><subfield code="t">Fuzzing for software security testing and quality assurance.</subfield><subfield code="b">Second edition.</subfield><subfield code="d">Norwood, MA : Artech House, [2018]</subfield><subfield 
code="z">1608078507</subfield><subfield code="w">(OCoLC)1005685377</subfield></datafield><datafield tag="830" ind1=" " ind2="0"><subfield code="a">Artech House information security and privacy series.</subfield><subfield code="0">http://id.loc.gov/authorities/names/no2007048455</subfield></datafield><datafield tag="856" ind1="4" ind2="0"><subfield code="l">FWS01</subfield><subfield code="p">ZDB-4-EBA</subfield><subfield code="q">FWS_PDA_EBA</subfield><subfield code="u">https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1825934</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">Askews and Holts Library Services</subfield><subfield code="b">ASKH</subfield><subfield code="n">AH36384991</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">ProQuest Ebook Central</subfield><subfield code="b">EBLB</subfield><subfield code="n">EBL5430720</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">EBSCOhost</subfield><subfield code="b">EBSC</subfield><subfield code="n">1825934</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">IEEE</subfield><subfield code="b">IEEE</subfield><subfield code="n">9100404</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">YBP Library Services</subfield><subfield code="b">YANK</subfield><subfield code="n">15503380</subfield></datafield><datafield tag="994" ind1=" " ind2=" "><subfield code="a">92</subfield><subfield code="b">GEBAY</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">ZDB-4-EBA</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-863</subfield></datafield></record></collection> |
id | ZDB-4-EBA-on1040072327 |
illustrated | Illustrated |
indexdate | 2024-11-27T13:29:00Z |
institution | BVB |
isbn | 9781630815196 1630815195 |
language | English |
oclc_num | 1040072327 |
open_access_boolean | |
owner | MAIN DE-863 DE-BY-FWS |
owner_facet | MAIN DE-863 DE-BY-FWS |
physical | 1 online resource : illustrations |
psigel | ZDB-4-EBA |
publishDate | 2018 |
publishDateSearch | 2018 |
publishDateSort | 2018 |
publisher | Artech House, |
record_format | marc |
series | Artech House information security and privacy series. |
series2 | Artech House information security and privacy series |
spelling | Fuzzing for software security testing and quality assurance / Ari Takanen, Jared DeMott, Charlie Miller, Atte Kettunen. Second edition. Boston, MA : Artech House, [2018] ©2018 1 online resource : illustrations text txt rdacontent computer c rdamedia online resource cr rdacarrier Artech House information security and privacy series Print version record. Online resource; title from PDF title page (EBSCO, viewed June 15, 2018) Includes bibliographical references and index. Intro; Fuzzing for Software Security Testing and Quality Assurance, Second Edition; Foreword from the First Edition; Foreword to the Second Edition; Preface from the First Edition; Preface to the Second Edition; Chapter 1 Introduction; 1.1 Software Security; 1.1.1 Security Incident; 1.1.2 Disclosure Processes; 1.1.3 Attack Surfaces and Attack Vectors; 1.1.4 Reasons Behind Security Mistakes; 1.1.5 Proactive Security; 1.1.6 Security Requirements; 1.2 Software Quality; 1.2.1 Cost-Benefit of Quality; 1.2.2 Target of Test; 1.2.3 Testing Purposes and Test Verdicts; 1.2.4 Structural Testing 1.2.5 Functional Testing1.2.6 Code Auditing; 1.3 Introduction to Fuzzing; 1.3.1 Brief History of Fuzzing; 1.3.2 Fuzzing Overview; 1.3.3 Vulnerabilities Found with Fuzzing; 1.3.4 Fuzzer Types; 1.3.5 Logical Structure of a Fuzzer; 1.3.6 Fuzzing Process; 1.3.7 Fuzzing Frameworks and Test Suites; 1.3.8 Fuzzing and the Enterprise; 1.4 Book Goals and Layout; Chapter 2 Software Vulnerability Analysis; 2.1 Purpose of Vulnerability Analysis; 2.1.1 Security and Vulnerability Scanners; 2.2 People Conducting Vulnerability Analysis; 2.2.1 Hackers; 2.2.2 Vulnerability Analysts or Security Researchers 2.2.3 Penetration Testers2.2.4 Software Security Testers; 2.2.5 IT Security Engineers; 2.3 Target Software; 2.4 Basic Bug Categories; 2.4.1 Memory Corruption Errors; 2.4.2 Web Applications; 2.4.3 Brute Force Login; 2.4.4 Race Condition; 2.4.5 Denial of Service; 2.4.6 Session Hijacking; 2.4.7 Man in the Middle; 2.4.8 
Cryptographic Attacks; 2.5 Bug Hunting Techniques; 2.5.1 Reverse Engineering; 2.5.2 Source Code Auditing; 2.6 Fuzzing; 2.6.1 Basic Terms; 2.6.2 Hostile Data; 2.6.3 Number of Tests; 2.7 Defenses; 2.7.1 Why Fuzzing Works; 2.7.2 Defensive Coding; 2.7.3 Input Verification 2.7.4 Hardware Overflow Protection2.7.5 Software Overflow Protection; 2.8 Summary; Chapter 3 Quality Assurance and Testing; 3.1 Quality Assurance and Security; 3.1.1 Security in Software Development; 3.1.2 Security Defects; 3.2 Measuring Quality; 3.2.1 Quality Is About Validation of Features; 3.2.2 Quality Is About Finding Defects; 3.2.3 Quality Is a Feedback Loop to Development; 3.2.4 Quality Brings Visibility to the Development Process; 3.2.5 End Users' Perspective; 3.3 Testing for Quality; 3.3.1 V-Model; 3.3.2 Testing on the Developer's Desktop; 3.3.3 Testing the Design 3.4 Main Categories of Testing3.4.1 Validation Testing Versus Defect Testing; 3.4.2 Structural Versus Functional Testing; 3.5 White-Box Testing; 3.5.1 Making the Code Readable; 3.5.2 Inspections and Reviews; 3.5.3 Code Auditing; 3.6 Black-Box Testing; 3.6.1 Software Interfaces; 3.6.2 Test Targets; 3.6.3 Fuzz Testing as a Profession; 3.7 Purposes of Black-Box Testing; 3.7.1 Conformance Testing; 3.7.2 Functional Security Testing; 3.7.3 Functional Safety Testing; 3.7.4 Interoperability Testing; 3.7.5 Performance Testing; 3.7.6 Robustness Testing; 3.8 Testing Metrics; 3.8.1 Specification Coverage This newly revised and expanded second edition of the popular Artech House title, Fuzzing for Software Security Testing and Quality Assurance, provides practical and professional guidance on how and why to integrate fuzzing into the software development lifecycle. This edition introduces fuzzing as a process, goes through commercial tools, and explains what the customer requirements are for fuzzing. 
The advancement of evolutionary fuzzing tools, including American Fuzzy Lop (AFL) and the emerging full fuzz test automation systems are explored in this edition. Traditional software programmers and testers will learn how to make fuzzing a standard practice that integrates seamlessly with all development activities. It surveys all popular commercial fuzzing tools and explains how to select the right one for software development projects. This book is a powerful new tool to build secure, high-quality software taking a weapon from the malicious hacker's arsenal. This practical resource helps engineers find and patch flaws in software before harmful viruses, worms, and Trojans can use these vulnerabilities to rampage systems. The book shows how to make fuzzing a standard practice that integrates seamlessly with all development activities. Publisher abstract. Computer security. http://id.loc.gov/authorities/subjects/sh90001862 Computer networks Security measures. http://id.loc.gov/authorities/subjects/sh94001277 Computer software Development. http://id.loc.gov/authorities/subjects/sh85029535 Computer Security https://id.nlm.nih.gov/mesh/D016494 Sécurité informatique. Réseaux d'ordinateurs Sécurité Mesures. COMPUTERS Security General. bisacsh Computer networks Security measures fast Computer security fast Computer software Development fast Takanen, Ari, author. http://id.loc.gov/authorities/names/n2007030098 DeMott, Jared, author. http://id.loc.gov/authorities/names/nb2008017733 Miller, Charles, 1951- author. https://id.oclc.org/worldcat/entity/E39PCjHtRGBPW6CbtxXtFBpF8C http://id.loc.gov/authorities/names/n94094332 Kettunen, Atte, author. Print version: Fuzzing for software security testing and quality assurance. Second edition. Norwood, MA : Artech House, [2018] 1608078507 (OCoLC)1005685377 Artech House information security and privacy series. 
http://id.loc.gov/authorities/names/no2007048455 FWS01 ZDB-4-EBA FWS_PDA_EBA https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1825934 Volltext |
spellingShingle | Takanen, Ari DeMott, Jared Miller, Charles, 1951- Kettunen, Atte Fuzzing for software security testing and quality assurance / Artech House information security and privacy series. Intro; Fuzzing for Software Security Testing and Quality Assurance, Second Edition; Foreword from the First Edition; Foreword to the Second Edition; Preface from the First Edition; Preface to the Second Edition; Chapter 1 Introduction; 1.1 Software Security; 1.1.1 Security Incident; 1.1.2 Disclosure Processes; 1.1.3 Attack Surfaces and Attack Vectors; 1.1.4 Reasons Behind Security Mistakes; 1.1.5 Proactive Security; 1.1.6 Security Requirements; 1.2 Software Quality; 1.2.1 Cost-Benefit of Quality; 1.2.2 Target of Test; 1.2.3 Testing Purposes and Test Verdicts; 1.2.4 Structural Testing; 1.2.5 Functional Testing; 1.2.6 Code Auditing; 1.3 Introduction to Fuzzing; 1.3.1 Brief History of Fuzzing; 1.3.2 Fuzzing Overview; 1.3.3 Vulnerabilities Found with Fuzzing; 1.3.4 Fuzzer Types; 1.3.5 Logical Structure of a Fuzzer; 1.3.6 Fuzzing Process; 1.3.7 Fuzzing Frameworks and Test Suites; 1.3.8 Fuzzing and the Enterprise; 1.4 Book Goals and Layout; Chapter 2 Software Vulnerability Analysis; 2.1 Purpose of Vulnerability Analysis; 2.1.1 Security and Vulnerability Scanners; 2.2 People Conducting Vulnerability Analysis; 2.2.1 Hackers; 2.2.2 Vulnerability Analysts or Security Researchers; 2.2.3 Penetration Testers; 2.2.4 Software Security Testers; 2.2.5 IT Security Engineers; 2.3 Target Software; 2.4 Basic Bug Categories; 2.4.1 Memory Corruption Errors; 2.4.2 Web Applications; 2.4.3 Brute Force Login; 2.4.4 Race Condition; 2.4.5 Denial of Service; 2.4.6 Session Hijacking; 2.4.7 Man in the Middle; 2.4.8 Cryptographic Attacks; 2.5 Bug Hunting Techniques; 2.5.1 Reverse Engineering; 2.5.2 Source Code Auditing; 2.6 Fuzzing; 2.6.1 Basic Terms; 2.6.2 Hostile Data; 2.6.3 Number of Tests; 2.7 Defenses; 2.7.1 Why Fuzzing Works; 2.7.2 Defensive Coding; 2.7.3 Input Verification; 2.7.4 Hardware Overflow 
Protection; 2.7.5 Software Overflow Protection; 2.8 Summary; Chapter 3 Quality Assurance and Testing; 3.1 Quality Assurance and Security; 3.1.1 Security in Software Development; 3.1.2 Security Defects; 3.2 Measuring Quality; 3.2.1 Quality Is About Validation of Features; 3.2.2 Quality Is About Finding Defects; 3.2.3 Quality Is a Feedback Loop to Development; 3.2.4 Quality Brings Visibility to the Development Process; 3.2.5 End Users' Perspective; 3.3 Testing for Quality; 3.3.1 V-Model; 3.3.2 Testing on the Developer's Desktop; 3.3.3 Testing the Design; 3.4 Main Categories of Testing; 3.4.1 Validation Testing Versus Defect Testing; 3.4.2 Structural Versus Functional Testing; 3.5 White-Box Testing; 3.5.1 Making the Code Readable; 3.5.2 Inspections and Reviews; 3.5.3 Code Auditing; 3.6 Black-Box Testing; 3.6.1 Software Interfaces; 3.6.2 Test Targets; 3.6.3 Fuzz Testing as a Profession; 3.7 Purposes of Black-Box Testing; 3.7.1 Conformance Testing; 3.7.2 Functional Security Testing; 3.7.3 Functional Safety Testing; 3.7.4 Interoperability Testing; 3.7.5 Performance Testing; 3.7.6 Robustness Testing; 3.8 Testing Metrics; 3.8.1 Specification Coverage Computer security. http://id.loc.gov/authorities/subjects/sh90001862 Computer networks Security measures. http://id.loc.gov/authorities/subjects/sh94001277 Computer software Development. http://id.loc.gov/authorities/subjects/sh85029535 Computer Security https://id.nlm.nih.gov/mesh/D016494 Sécurité informatique. Réseaux d'ordinateurs Sécurité Mesures. COMPUTERS Security General. bisacsh Computer networks Security measures fast Computer security fast Computer software Development fast |
subject_GND | http://id.loc.gov/authorities/subjects/sh90001862 http://id.loc.gov/authorities/subjects/sh94001277 http://id.loc.gov/authorities/subjects/sh85029535 https://id.nlm.nih.gov/mesh/D016494 |
title | Fuzzing for software security testing and quality assurance / |
title_auth | Fuzzing for software security testing and quality assurance / |
title_exact_search | Fuzzing for software security testing and quality assurance / |
title_full | Fuzzing for software security testing and quality assurance / Ari Takanen, Jared DeMott, Charlie Miller, Atte Kettunen. |
title_fullStr | Fuzzing for software security testing and quality assurance / Ari Takanen, Jared DeMott, Charlie Miller, Atte Kettunen. |
title_full_unstemmed | Fuzzing for software security testing and quality assurance / Ari Takanen, Jared DeMott, Charlie Miller, Atte Kettunen. |
title_short | Fuzzing for software security testing and quality assurance / |
title_sort | fuzzing for software security testing and quality assurance |
topic | Computer security. http://id.loc.gov/authorities/subjects/sh90001862 Computer networks Security measures. http://id.loc.gov/authorities/subjects/sh94001277 Computer software Development. http://id.loc.gov/authorities/subjects/sh85029535 Computer Security https://id.nlm.nih.gov/mesh/D016494 Sécurité informatique. Réseaux d'ordinateurs Sécurité Mesures. COMPUTERS Security General. bisacsh Computer networks Security measures fast Computer security fast Computer software Development fast |
topic_facet | Computer security. Computer networks Security measures. Computer software Development. Computer Security Sécurité informatique. Réseaux d'ordinateurs Sécurité Mesures. COMPUTERS Security General. Computer networks Security measures Computer security Computer software Development |
url | https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1825934 |
work_keys_str_mv | AT takanenari fuzzingforsoftwaresecuritytestingandqualityassurance AT demottjared fuzzingforsoftwaresecuritytestingandqualityassurance AT millercharles fuzzingforsoftwaresecuritytestingandqualityassurance AT kettunenatte fuzzingforsoftwaresecuritytestingandqualityassurance |