Open Source Fuzzing Tools

Posted 2008-03-10 16:34




Product Details

  
  • Paperback: 448 pages
  • Publisher: Syngress (August 1, 2007)
  • Language: English
  • ISBN-10: 1597491950
  • ISBN-13: 978-1597491952
  • Product Dimensions: 9.1 x 7.5 x 0.7 inches

Book Description

Fuzzing is often described as a black box software testing technique. It works by automatically feeding a program multiple input iterations in an attempt to trigger an internal error indicative of a bug, and potentially crash it. Such program errors and crashes are indicative of the existence of a security vulnerability, which can later be researched and fixed.

Fuzz testing is now making a transition from a hacker-grown tool to a commercial-grade product. There are many different types of applications that can be fuzzed, many different ways they can be fuzzed, and a variety of different problems that can be uncovered. There are also problems that arise during fuzzing; when is enough enough? These issues and many others are fully explored.

  • Learn How Fuzzing Finds Vulnerabilities: Eliminate buffer overflows, format strings and other potential flaws
  • Find Coverage of Available Fuzzing Tools: Complete coverage of open source and commercial tools and their uses
  • Build Your Own Fuzzer: Automate the process of vulnerability research by building your own tools
  • Understand How Fuzzing Works within the Development Process: Learn how fuzzing serves as a quality assurance tool for your own and third-party software

About the Author

Noam Rathaus is the co-founder and CTO of Beyond Security, a company specializing in the development of enterprise-wide security assessment technologies, vulnerability assessment-based SOCs (security operation centers) and related products. He holds an electrical engineering degree from Ben Gurion University, and has been checking the security of computer systems from the age of 13. Noam is also the editor-in-chief of SecuriTeam.com, one of the largest vulnerability databases and security portals on the Internet. He has contributed to several security-related open-source projects including an active role in the Nessus security scanner project. He has written over 150 security tests to the open source tool's vulnerability database, and also developed the first Nessus client for the Windows operating system. Noam is apparently on the hit list of several software giants after being responsible for uncovering security holes in products by vendors such as Microsoft, Macromedia, Trend Micro, and Palm. This keeps him on the run using his Nacra Catamaran, capable of speeds exceeding 14 knots for a quick getaway.

Gadi Evron works for the McLean, VA-based vulnerability assessment solution vendor Beyond Security as Security Evangelist and is the chief editor of the security portal SecuriTeam. He is a known leader in the world of Internet security operations, especially regarding botnets and phishing. He is also the operations manager for the Zeroday Emergency Response Team (ZERT) and a renowned expert on corporate security and espionage threats. Previously, Gadi was Internet Security Operations Manager for the Israeli government and the manager and founder of the Israeli government's Computer Emergency Response Team (CERT).




A "fuzzer" is a program that attempts to discover security vulnerabilities by sending random data to an application. If that application crashes, then it has defects to correct. Security professionals and web developers can use fuzzing for software testing--checking their own programs for problems--before hackers do it!

Open Source Fuzzing Tools is the first book to market that covers the subject of black box testing using fuzzing techniques. Fuzzing has been around for a while, but is making a transition from hacker home-grown tool to commercial-grade quality assurance product. Using fuzzing, developers can find and eliminate buffer overflows and other software vulnerabilities during the development process and before release.

* Fuzzing is a fast-growing field with increasing commercial interest (7 vendors unveiled fuzzing products last year).
* Vendors today are looking for solutions to the ever increasing threat of vulnerabilities. Fuzzing looks for these vulnerabilities automatically, before they are known, and eliminates them before release.
* Software developers face an increasing demand to produce secure applications--and they are looking for any information to help them do that.




[ Last edited by Send_linux on 2008-3-10 17:07 ]

Posted 2008-03-16 18:31
look look~~~

Posted 2008-03-20 08:20

look

look download

Posted 2008-03-21 21:26
:wink:

Posted 2008-03-31 21:02
Going to study this properly, thanks to the kind original poster!!!

Posted 2008-04-06 20:26

ding

happy ding ding

Posted 2008-04-07 14:12
Good stuff, thanks to the original poster for sharing!!!!

Posted 2008-04-11 09:07
Thanks for sharing, but having to log in repeatedly just to download something is a bit frustrating!!

Posted 2008-04-13 13:42

luck

luck you every day

Posted 2008-04-14 13:13
ddddddddddddd