Fuzzing for Software Security Testing and Quality Assurance

Software is infested with security flaws that can be misused by hackers. Current test automation does not cover negative or crash testing of software, and security experts are relying on penetration tests that focus on finding old known flaws rather than new. This book approaches the problem with the mindset of a hacker and explores the method they use to find flaws in software. The aim is give you a powerful new tool to fix worm-size holes in your own design, testing and building without adding expense or time to already tight software development schedules and budgets. Fuzzing is a software testing approach where carefully designed or just randomly generated unexpected inputs are sent to software a device in order to crash it. It's the most used technique hackers use to find security bugs. The book shows how to make it a standard practice that integrates seamlessly with other development activities and goes through each phase of software development and points out where testing and auditing can tighten security. The book also identifies cases where available tools fall short and surveys other popular fuzzing tools and techniques that work better.