Fuzzing for software security testing and quality assurance / Ari Takanen, Jared DeMott, Charlie Miller, Atte Kettunen

Contributor(s):

Resource type: Ressourcentyp: Buch (Online)Book (Online)Language: English Series: Artech House information security and privacy seriesPublisher: Boston ; London : Artech House, [2018]Copyright date: © 2018Edition: Second editionDescription: 1 Online-RessourceISBN:

1630815195
9781630815196

Subject(s):

Additional physical formats: 1608078507 | 9781608078509 | Erscheint auch als: Fuzzing for software security testing and quality assurance. Druck-Ausgabe Second edition. Boston : Artech House, 2018. xxv, 318 SeitenDDC classification:

005.8

RVK: RVK: ST 233 | ST 277LOC classification:

QA76.9.A25

Online resources:

Zugang im Netz des KIT

Summary: 1.2.5 Functional Testing1.2.6 Code Auditing; 1.3 Introduction to Fuzzing; 1.3.1 Brief History of Fuzzing; 1.3.2 Fuzzing Overview; 1.3.3 Vulnerabilities Found with Fuzzing; 1.3.4 Fuzzer Types; 1.3.5 Logical Structure of a Fuzzer; 1.3.6 Fuzzing Process; 1.3.7 Fuzzing Frameworks and Test Suites; 1.3.8 Fuzzing and the Enterprise; 1.4 Book Goals and Layout; Chapter 2 Software Vulnerability Analysis; 2.1 Purpose of Vulnerability Analysis; 2.1.1 Security and Vulnerability Scanners; 2.2 People Conducting Vulnerability Analysis; 2.2.1 Hackers; 2.2.2 Vulnerability Analysts or Security ResearchersSummary: 2.2.3 Penetration Testers2.2.4 Software Security Testers; 2.2.5 IT Security Engineers; 2.3 Target Software; 2.4 Basic Bug Categories; 2.4.1 Memory Corruption Errors; 2.4.2 Web Applications; 2.4.3 Brute Force Login; 2.4.4 Race Condition; 2.4.5 Denial of Service; 2.4.6 Session Hijacking; 2.4.7 Man in the Middle; 2.4.8 Cryptographic Attacks; 2.5 Bug Hunting Techniques; 2.5.1 Reverse Engineering; 2.5.2 Source Code Auditing; 2.6 Fuzzing; 2.6.1 Basic Terms; 2.6.2 Hostile Data; 2.6.3 Number of Tests; 2.7 Defenses; 2.7.1 Why Fuzzing Works; 2.7.2 Defensive Coding; 2.7.3 Input VerificationSummary: 2.7.4 Hardware Overflow Protection2.7.5 Software Overflow Protection; 2.8 Summary; Chapter 3 Quality Assurance and Testing; 3.1 Quality Assurance and Security; 3.1.1 Security in Software Development; 3.1.2 Security Defects; 3.2 Measuring Quality; 3.2.1 Quality Is About Validation of Features; 3.2.2 Quality Is About Finding Defects; 3.2.3 Quality Is a Feedback Loop to Development; 3.2.4 Quality Brings Visibility to the Development Process; 3.2.5 End Users' Perspective; 3.3 Testing for Quality; 3.3.1 V-Model; 3.3.2 Testing on the Developer's Desktop; 3.3.3 Testing the DesignSummary: 3.4 Main Categories of Testing3.4.1 Validation Testing Versus Defect Testing; 3.4.2 Structural Versus Functional Testing; 3.5 White-Box Testing; 3.5.1 Making the Code Readable; 3.5.2 Inspections and Reviews; 3.5.3 Code Auditing; 3.6 Black-Box Testing; 3.6.1 Software Interfaces; 3.6.2 Test Targets; 3.6.3 Fuzz Testing as a Profession; 3.7 Purposes of Black-Box Testing; 3.7.1 Conformance Testing; 3.7.2 Functional Security Testing; 3.7.3 Functional Safety Testing; 3.7.4 Interoperability Testing; 3.7.5 Performance Testing; 3.7.6 Robustness Testing; 3.8 Testing Metrics; 3.8.1 Specification CoverageSummary: Intro; Fuzzing for Software Security Testing and Quality Assurance, Second Edition; Foreword from the First Edition; Foreword to the Second Edition; Preface from the First Edition; Preface to the Second Edition; Chapter 1 Introduction; 1.1 Software Security; 1.1.1 Security Incident; 1.1.2 Disclosure Processes; 1.1.3 Attack Surfaces and Attack Vectors; 1.1.4 Reasons Behind Security Mistakes; 1.1.5 Proactive Security; 1.1.6 Security Requirements; 1.2 Software Quality; 1.2.1 Cost-Benefit of Quality; 1.2.2 Target of Test; 1.2.3 Testing Purposes and Test Verdicts; 1.2.4 Structural TestingPPN: PPN: 1026568153Package identifier: Produktsigel: ZDB-4-EBA | ZDB-4-ITC | ZDB-4-NLEBK

Holdings ( 0 )

No physical items for this record