<P style="MARGIN: 0px">FUZZING</P> <P style="MARGIN: 0px">Master One of Today's Most Powerful Techniques for Revealing Security Flaws!</P> <P style="MARGIN: 0px">Fuzzing has evolved into one of today's most effective approaches to test software security. To “fuzz,” you attach a program's inputs to a source of random data, and then systematically identify the failures that arise. Hackers have</P> <P style="MARGIN: 0px">relied on fuzzing for years: Now, it's your turn. In this book, renowned fuzzing experts show you how to use fuzzing to reveal weaknesses in your software before someone else does.</P> <P style="MARGIN: 0px"><I> </I></P> <P style="MARGIN: 0px"><I>Fuzzing </I>is the first and only book to cover fuzzing from start to finish, bringing disciplined best practices to a technique that has traditionally been implemented informally. The authors begin by reviewing how fuzzing works and outlining its crucial advantages over other security testing methods. Next, they introduce state-of-the-art fuzzing techniques for finding vulnerabilities in network protocols, file formats, and web applications; demonstrate the use of automated fuzzing tools; and present several insightful case histories showing fuzzing at work. Coverage includes:</P> <P style="MARGIN: 0px"> </P> <P style="MARGIN: 0px">• Why fuzzing simplifies test design and catches flaws other methods miss</P> <P style="MARGIN: 0px">• The fuzzing process: from identifying inputs to assessing “exploitability”</P> <P style="MARGIN: 0px">• Understanding the requirements for effective fuzzing</P> <P style="MARGIN: 0px">• Comparing mutation-based and generation-based fuzzers</P> <P style="MARGIN: 0px">• Using and automating environment variable and argument fuzzing</P> <P style="MARGIN: 0px">• Mastering in-memory fuzzing techniques</P> <P style="MARGIN: 0px">• Constructing custom fuzzing frameworks and tools</P> <P style="MARGIN: 0px">• Implementing intelligent fault detection</P> <P style="MARGIN: 0px"> </P> <P style="MARGIN: 0px">Attackers are already using fuzzing. You should, too. Whether you're a developer, security engineer, tester, or QA specialist, this book teaches you how to build secure software.</P> <P style="MARGIN: 0px"> </P> <P style="MARGIN: 0px">Foreword     xix</P> <P style="MARGIN: 0px">Preface        xxi</P> <P style="MARGIN: 0px">Acknowledgments  xxv</P> <P style="MARGIN: 0px">About the Author   xxvii</P> <P style="MARGIN: 0px"><B>P</B><B>ARTI         B</B><B>ACKGROUND     1</B></P> <P style="MARGIN: 0px">Chapter 1    Vulnerability Discovery Methodologies  3</P> <P style="MARGIN: 0px">Chapter 2    What Is Fuzzing?   21</P> <P style="MARGIN: 0px">Chapter 3    Fuzzing Methods and Fuzzer Types     33</P> <P style="MARGIN: 0px">Chapter 4    Data Representation and Analysis        45</P> <P style="MARGIN: 0px">Chapter 5    Requirements for Effective Fuzzing      61</P> <P style="MARGIN: 0px"><B>P</B><B>ART II      T</B><B>ARGETS AND A</B><B>UTOMATION          71</B></P> <P style="MARGIN: 0px">Chapter 6    Automation and Data Generation        73</P> <P style="MARGIN: 0px">Chapter 7    Environment Variable and Argument Fuzzing 89</P> <P style="MARGIN: 0px">Chapter 8    Environment Variable and Argument Fuzzing: Automation 103</P> <P style="MARGIN: 0px">Chapter 9    Web Application and Server Fuzzing     113</P> <P style="MARGIN: 0px">Chapter 10  Web Application and Server Fuzzing: Automation    137</P> <P style="MARGIN: 0px">Chapter 11  File Format Fuzzing         169</P> <P style="MARGIN: 0px">Chapter 12  File Format Fuzzing: Automation on UNIX     181</P> <P style="MARGIN: 0px">Chapter 13  File Format Fuzzing: Automation on Windows         197</P> <P style="MARGIN: 0px">Chapter 14  Network Protocol Fuzzing         223</P> <P style="MARGIN: 0px">Chapter 15  Network Protocol Fuzzing: Automation on UNIX     235</P> <P style="MARGIN: 0px">Chapter 16  Network Protocol Fuzzing: Automation on Windows         249</P> <P style="M