MICHAEL SUTTON
Michael Sutton is the Security Evangelist for SPI Dynamics. As Security Evangelist, Michael is responsible for identifying, researching, and presenting on emerging issues in the web application security industry. He is a frequent speaker at major information security conferences, has authored numerous articles, and is regularly quoted in the media on various information security topics. Michael is also a member of the Web Application Security Consortium (WASC), where he is project lead for the Web Application Security Statistics project.
Prior to joining SPI Dynamics, Michael was a Director for iDefense/VeriSign, where he headed iDefense Labs, a team of world-class researchers tasked with discovering and researching security vulnerabilities. Michael also established the Information Systems Assurance and Advisory Services (ISAAS) practice for Ernst & Young in Bermuda. He holds degrees from the University of Alberta and The George Washington University. Michael is a proud Canadian who understands that hockey is a religion and not a sport. Outside of the office, he is a Sergeant with the Fairfax Volunteer Fire Department.
ADAM GREENE
Adam Greene is an engineer for a large financial news company based in New York City. Previously, he served as an engineer for iDefense, an intelligence company located in Reston, VA. His interests in computer security lie mainly in reliable exploitation methods, fuzzing, and UNIX-based system auditing and exploit development.
PEDRAM AMINI
Pedram Amini currently leads the security research and product security assessment team at TippingPoint. Previously, he was the assistant director and one of the founding members of iDefense Labs. Despite the fancy titles, he spends much of his time in the shoes of a reverse engineer, developing automation tools, plug-ins, and scripts. His most recent projects (a.k.a. “babies”) include the PaiMei reverse engineering framework and the Sulley fuzzing framework.
In conjunction with his passion, Pedram launched OpenRCE.org, a community website dedicated to the art and science of reverse engineering. He has presented at RECon, BlackHat, DefCon, ShmooCon, and ToorCon and taught numerous sold-out reverse engineering courses. Pedram holds a computer science degree from Tulane University.
Vulnerability discovery methodologies
What is fuzzing?
Fuzzing methods and fuzzer types
Data representation and analysis
Requirements for effective fuzzing
Automation and data generation
Environment variable and argument fuzzing
Environment variable and argument fuzzing: automation
Web application and server fuzzing
Web application and server fuzzing: automation
File format fuzzing
File format fuzzing: automation on UNIX
File format fuzzing: automation on Windows
Network protocol fuzzing
Network protocol fuzzing: automation on UNIX
Network protocol fuzzing: automation on Windows
Web browser fuzzing
Web browser fuzzing: automation
In-memory fuzzing
In-memory fuzzing: automation
Fuzzing frameworks
Automated protocol dissection
Fuzzer tracking
Intelligent fault detection
Lessons learned
Looking forward
Table of Contents provided by Blackwell. All Rights Reserved.