معرفی کتاب «Fuzzing brute force vulnerabilty discovery. - Includes index» نوشتهٔ Amini, Pedram;Greene, Adam;Sutton, Michael، منتشرشده توسط نشر Addison-Wesley Professional در سال 2007. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.
This is the eBook version of the printed book. If the print book includes a CD-ROM, this content is not included within the eBook version. FUZZING Master One of Today's Most Powerful Techniques for Revealing Security Flaws! Fuzzing has evolved into one of today's most effective approaches to test software security. To “fuzz,” you attach a program's inputs to a source of random data, and then systematically identify the failures that arise. Hackers have relied on fuzzing for years: Now, it's your turn. In this book, renowned fuzzing experts show you how to use fuzzing to reveal weaknesses in your software before someone else does. Fuzzing is the first and only book to cover fuzzing from start to finish, bringing disciplined best practices to a technique that has traditionally been implemented informally. The authors begin by reviewing how fuzzing works and outlining its crucial advantages over other security testing methods. Next, they introduce state-of-the-art fuzzing techniques for finding vulnerabilities in network protocols, file formats, and web applications; demonstrate the use of automated fuzzing tools; and present several insightful case histories showing fuzzing at work. Coverage includes: • Why fuzzing simplifies test design and catches flaws other methods miss • The fuzzing process: from identifying inputs to assessing “exploitability” • Understanding the requirements for effective fuzzing • Comparing mutation-based and generation-based fuzzers • Using and automating environment variable and argument fuzzing • Mastering in-memory fuzzing techniques • Constructing custom fuzzing frameworks and tools • Implementing intelligent fault detection Attackers are already using fuzzing. You should, too. Whether you're a developer, security engineer, tester, or QA specialist, this book teaches you how to build secure software. MuPDF error: syntax error: invalid key in dict MuPDF error: syntax error: invalid key in dict MuPDF error: syntax error: invalid key in dict MuPDF error: syntax error: invalid key in dict MuPDF error: syntax error: invalid key in dict MuPDF error: syntax error: invalid key in dict MuPDF error: syntax error: invalid key in dict MuPDF error: syntax error: invalid key in dict MuPDF error: syntax error: invalid key in dict Contents 8 Foreword 20 Preface 22 Acknowledgments 26 About the Author 28 PART I: BACKGROUND 30 Chapter 1 Vulnerability Discovery Methodologies 32 White Box Testing 33 Black Box Testing 38 Gray Box Testing 43 Summary 48 Chapter 2 What Is Fuzzing? 50 Definition of Fuzzing 50 History of Fuzzing 51 Fuzzing Phases 56 Fuzzing Limitations and Expectations 58 Summary 61 Chapter 3 Fuzzing Methods and Fuzzer Types 62 Fuzzing Methods 62 Fuzzer Types 65 Summary 73 Chapter 4 Data Representation and Analysis 74 What Are Protocols? 74 Protocol Fields 75 Plain Text Protocols 77 Binary Protocols 78 Network Protocols 82 File Formats 83 Common Protocol Elements 86 Summary 88 Chapter 5 Requirements for Effective Fuzzing 90 Reproducibility and Documentation 91 Reusability 91 Process State and Process Depth 93 Tracking, Code Coverage, and Metrics 95 Error Detection 96 Resource Constraints 98 Summary 98 PART II: TARGETS AND AUTOMATION 100 Chapter 6 Automation and Data Generation 102 Value of Automation 102 Helpful Tools and Libraries 103 Programming Language Choice 106 Data Generation and Fuzz Heuristics 107 Summary 116 Chapter 7 Environment Variable and Argument Fuzzing 118 Introduction to Local Fuzzing 118 Local Fuzzing Principles 121 Finding Targets 122 Local Fuzzing Methods 124 Enumerating Environment Variables 125 Automating Environment Variable Fuzzing 127 Detecting Problems 128 Summary 130 Chapter 8 Environment Variable and Argument Fuzzing: Automation 132 Features of iFUZZ Local Fuzzer 132 Development 134 Language 138 Case Study 139 Benefits and Room for Improvement 140 Summary 141 Chapter 9 Web Application and Server Fuzzing 142 What Is Web Application Fuzzing? 142 Targets 146 Methods 147 Vulnerabilities 161 Detection 164 Summary 165 Chapter 10 Web Application and Server Fuzzing: Automation 166 Web Application Fuzzers 167 Features 169 Necessary Background Information 173 Development 177 Case Studies 185 Benefits and Room for Improvement 195 Summary 196 Chapter 11 File Format Fuzzing 198 Targets 199 Methods 200 Inputs 203 Vulnerabilities 203 Detection 207 Summary 208 Chapter 12 File Format Fuzzing: Automation on UNIX 210 notSPIKEfile and SPIKEfile 211 Development Approach 212 Meaningful Code Snippets 214 Zombie Processes 218 Usage Notes 220 Case Study: RealPlayer RealPix Format String Vulnerability 222 Language 224 Summary 224 Chapter 13 File Format Fuzzing: Automation on Windows 226 Windows File Format Vulnerabilities 226 Features 230 Necessary Background Information 234 Development 238 Case Study 246 Benefits and Room for Improvement 250 Summary 251 Chapter 14 Network Protocol Fuzzing 252 What Is Network Protocol Fuzzing? 253 Targets 255 Methods 259 Fault Detection 261 Summary 263 Chapter 15 Network Protocol Fuzzing: Automation on UNIX 264 Fuzzing with SPIKE 265 SPIKE 101 269 Block-Based Protocol Modeling 271 Additional SPIKE Features 272 Writing the SPIKE NMAP Fuzzer Script 273 Summary 277 Chapter 16 Network Protocol Fuzzing: Automation on Windows 278 Features 279 Necessary Background Information 283 Development 284 Case Study 291 Benefits and Room for Improvement 293 Summary 294 Chapter 17 Web Browser Fuzzing 296 What Is Web Browser Fuzzing? 297 Targets 298 Methods 298 Vulnerabilities 309 Detection 311 Summary 311 Chapter 18 Web Browser Fuzzing: Automation 312 Component Object Model Background 312 Fuzzer Development 316 Summary 328 Chapter 19 In-Memory Fuzzing 330 In-Memory Fuzzing: What and Why? 331 Necessary Background Information 331 No Really, What Is In-Memory Fuzzing? 335 Targets 336 Method: Mutation Loop Insertion 337 Method: Snapshot Restoration Mutation 338 Testing Speed and Process Depth 339 Fault Detection 340 Summary 341 Chapter 20 In-Memory Fuzzing: Automation 344 Required Feature Set 345 Language Choice 346 Windows Debugging API 349 Putting It All Together 352 PyDbg, Your New Best Friend 361 A Contrived Example 363 Summary 377 PART III: ADVANCED FUZZING TECHNOLOGIES 378 Chapter 21 Fuzzing Frameworks 380 What Is a Fuzzing Framework? 381 Existing Frameworks 383 Custom Fuzzer Case Study: Shockwave Flash 400 Sulley: Fuzzing Framework 415 Summary 446 Chapter 22 Automated Protocol Dissection 448 What’s the Problem with Fuzzing? 448 Heuristic Techniques 450 Bioinformatics 456 Genetic Algorithms 460 Summary 464 Chapter 23 Fuzzer Tracking 466 What Exactly Are We Tracking? 466 Binary Visualization and Basic Blocks 468 Architecting a Fuzzer Tracker 471 Dissecting a Code Coverage Tool 478 Case Study 486 Benefits and Future Improvements 495 Summary 498 Chapter 24 Intelligent Fault Detection 500 Primitive Fault Detection 501 What Are We Looking For? 503 A Note on Choosing Fuzz Values 509 Automated Debugger Monitoring 510 First-Chance Versus Last-Chance Exceptions 518 Dynamic Binary Instrumentation 520 Summary 522 PART IV: LOOKING FORWARD 524 Chapter 25 Lessons Learned 526 Software Development Lifecycle 526 Developers 532 QA Researchers 533 Security Researchers 533 Summary 534 Chapter 26 Looking Forward 536 Commercial Tools 536 Hybrid Approaches to Vulnerability Discovery 544 Integrated Test Platforms 545 Summary 545 Index 548 A 548 B 549 C 550 D 551 E 553 F 554 G 556 H 556 I 557 J 558 K 558 L 558 M 559 N 560 O 561 P 561 Q 564 R 564 S 565 T 567 U 569 V 570 W 571 X 572 Y – Z 572
FUZZING
Master One of Today’s Most Powerful Techniques for Revealing Security Flaws!
Fuzzing has evolved into one of today’s most effective approaches to test software security. To “fuzz,” you attach a program’s inputs to a source of random data, and then systematically identify the failures that arise. Hackers have
relied on fuzzing for years: Now, it’s your turn. In this book, renowned fuzzing experts show you how to use fuzzing to reveal weaknesses in your software before someone else does.
Fuzzing is the first and only book to cover fuzzing from start to finish, bringing disciplined best practices to a technique that has traditionally been implemented informally. The authors begin by reviewing how fuzzing works and outlining its crucial advantages over other security testing methods. Next, they introduce state-of-the-art fuzzing techniques for finding vulnerabilities in network protocols, file formats, and web applications; demonstrate the use of automated fuzzing tools; and present several insightful case histories showing fuzzing at work. Coverage includes:
• Why fuzzing simplifies test design and catches flaws other methods miss
• The fuzzing process: from identifying inputs to assessing “exploitability”
• Understanding the requirements for effective fuzzing
• Comparing mutation-based and generation-based fuzzers
• Using and automating environment variable and argument fuzzing
• Mastering in-memory fuzzing techniques
• Constructing custom fuzzing frameworks and tools
• Implementing intelligent fault detection
Attackers are already using fuzzing. You should, too. Whether you’re a developer, security engineer, tester, or QA specialist, this book teaches you how to build secure software.
Foreword xix
Preface xxi
Acknowledgments xxv
About the Author xxvii
P ARTI B ACKGROUND 1
Chapter 1 Vulnerability Discovery Methodologies 3
Chapter 2 What Is Fuzzing? 21
Chapter 3 Fuzzing Methods and Fuzzer Types 33
Chapter 4 Data Representation and Analysis 45
Chapter 5 Requirements for Effective Fuzzing 61
P ART II T ARGETS AND A UTOMATION 71
Chapter 6 Automation and Data Generation 73
Chapter 7 Environment Variable and Argument Fuzzing 89
Chapter 8 Environment Variable and Argument Fuzzing: Automation 103
Chapter 9 Web Application and Server Fuzzing 113
Chapter 10 Web Application and Server Fuzzing: Automation 137
Chapter 11 File Format Fuzzing 169
Chapter 12 File Format Fuzzing: Automation on UNIX 181
Chapter 13 File Format Fuzzing: Automation on Windows 197
Chapter 14 Network Protocol Fuzzing 223
Chapter 15 Network Protocol Fuzzing: Automation on UNIX 235
Chapter 16 Network Protocol Fuzzing: Automation on Windows 249
Chapter 17 Web Browser Fuzzing 267
Chapter 18 Web Browser Fuzzing: Automation 283
Chapter 19 In-Memory Fuzzing 301
Chapter 20 In-Memory Fuzzing: Automation 315
P ART III A DVANCED F UZZING T ECHNOLOGIES 349
Chapter 21 Fuzzing Frameworks 351
Chapter 22 Automated Protocol Dissection 419
Chapter 23 Fuzzer Tracking 437
Chapter 24 Intelligent Fault Detection 471
P ART IV L OOKING F ORWARD 495
Chapter 25 Lessons Learned 497
Chapter 26 Looking Forward 507
Index 519
"Fuzzing is the first and only book to cover fuzzing from start to finish, bringing disciplined best practices to a technique that has traditionally been implemented informally. The authors begin by reviewing how fuzzing works and outlining its crucial advantages over other security testing methods. Next, they introduce state-of-the-art fuzzing techniques for finding vulnerabilities in network protocols, file formats, and web applications; demonstrate the use of automated fuzzing tools; and present several insightful case histories showing fuzzing at work."--Jacket