实例介绍
【实例简介】
Product Details Paperback: 210 pages Publisher: Syngress; 1 edition (December 28, 2007) Language: English ISBN-10: 1597491950 ISBN-13: 978-1597491952 Product Dimensions: 7.5 x 0.5 x 9.2 inches
This page intentionally left blank Elsevier, InC, the author(s), and any person or firm involved in the writing, editing, or production(collectively Makers")of this book("the Work")do not guarantee or warrant the results to be obtained from the Work There is no guarantee of any kind, expressed or implied, regarding the Work or its contents. The Work is sold As IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state In no event will Makers be liable to you for damages, includi loss of profits, lost savings, or other incidental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files yngress Media, Syngress, "Career Advancement Through Skill Enhancement, ""Ask the Author UPDATE and Hack Proofing, are registered trademarks of Elsevier, Inc "Syngress: The Definition of a Serious Security Library", "Mission Critical, and"The Only Way to Stop a hacker is to Think Like One are trademarks of Elsevier, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies PUBLISHED BY Syngress Publishing, Inc Elsevier. I 30 Corporate drive Burlington, MA 01803 Open Source Fuzzing Tools Copyright C 2007 by Elsevier, Inc. All rights reserved. Printed in the United States of America E It Act of 1976, no part of this publicati duced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered stored, and executed in a computer system, but they may not be reproduced for publication Printed in the United States of america 1234567890 ISBN13:978-1-59749195-2 Publisher: Amorette pedersen Cover Designer SPi Acquisitions Editor: Patrice Rapalus Page layout and Art: SPi For information on rights, translations, and bulk sales, contact Matt Pedersen, Commercial Sales Director andRightsatSyngressPublishingemailm.pedersen(@elsevier.com This page intentionally left blank Contributing Authors Gadi Evron is Security evangelist for Beyond security, chief editor of the SecuriTeam portal and recognized globally for his work and leadership in Internet security operations. He is the founder of the Zeroday Emergency Response Team(ZERT), organizes and chairs worldwide conferences, working groups and task forces. He is considered an expert on corporate security and counterespionage, botnets, e-fraud and phishing. Previously, Gadi was Ciso at the Israeli government isp(e Government project)and founded the israeli Government cert. he has authored two books on information security and is a frequent lecturer Noam Rathaus is the co-founder and cto of Beyond security He holds an electrical engineering degree from Ben Gurion University and has been checking the security of computer systems from the age of 13. He is also the editor-in-chief of SecuriTeam. com, one of the largest vulnerability databases and security portals on the Internet Robert Fly is a Director of product Security at Salesforce. com where he works with the great folks there to help deliver a service that the world can trust. At Salesforce. com he heads up the company-wide effort for building security into the development lifecycle. Prior to Salesforce. com Robert worked at Microsoft for about eight years, the last few spent in the real Time Collaboration group as a Software Security lead heading up a team of very talented individuals responsible for ensuring the security of those products Aviram Jenik is CEO of Beyond Security and contributor to SecuriTeam. com David maynor is cto of Errata Security, a consulting and product testing cybersecurity company Charlie Miller spent five years as a global Network Exploitation analyst for the National Security Agency. During this time, he identified weaknesses and vulnerabilities in computer networks and executed numerous successful computer network exploitations against foreign targets. He sought and iscovered vulnerabilities against security critical network code, including web servers and web applications. Since then, he has worked as a Senior Security architect for a financial firm and currently works as a principal Security analyst for Independent Security Evaluators, a security firm. He has spoken at the Workshop on the Economics of Information Security, Black hat. and DefCon He has a B.S. from Truman State University and a ph. D. from the University of Notre Dame Yoav Naveh works as an r &d team leader for mclean based beyond Security and one of the chief developers of the bestorM fuzzing framework He is a security researcher with 8 years of experience. He holds the rank of Captain in the Israeli Defense Force (ret. and is a leading authority in the blackbox testing field Contents Chapter 1 Introduction to Vulnerability Research ■m ■■口■■ Statement of Scope ·.· 2 Off-by-One errors Programming language Use errors Integer Overflows Bugs and vulnerabilities 7 The Vaunted buffer overflow 7 Finding Bugs and vulnerabilities Source code review Black box testins 10 Glass box testing 10 Chapter 2 Fuzzing -What's that? ,11 Introduction 12 Introduction to Fuzzing 12 Milestones in Fuzzing .14 Fuzzing technol ogy ..16 Traffic Sniffing Prepared Template.........……. ····· ..19 Second-Generation Fuzzing 19 File fuzzing 22 Host-Side monitorin 22 Vulnerability Scanners as fuzzers .22 Uses of Fuzzing 23 Open Source fuzzers ·· ......,,.,.24 Commercial-Grade fuzzers 24 What Comes next 25 The Software Development life Cycle 25 Chapter 3 Building a Fuzzing Environment 27 Introduction 28 Knowing what to Ask .28 Basic Tools and Setup 34 Data points ·· ......34 Crash dumps ···非 ..34 Fuzzer Output 36 Contents Debuggers Recon tools 40 Lint · ..41 OSX ......42 Summary ....44 Chapter 4 Open Source Fuzzing Tools ,,.45 Introduction Frameworks Special-Purpose Tools 48 General-Purpose Tools .52 Chapter 5 Commercial Fuzzing Solutions..............55 Introduction ......56 Chapter 6 Build Your Own Fuzzer Hold Your horses ..,,68 Fuzzer building blocks. ·· One or more valid Data Sets 70 Understanding What Each Bytein the Data Set Means Change the values of the Data Sets While ma ge 11 g the integrity ofthe data Being Sent Recreate the same malformed DataSet Time and Time again......72 An arsenal of malformed values, or the abilityto Create a variety of malformed Outputs 73 Maintain a form of a state machine .74 summarize 75 Down to business ......75 Simplest Fuzz Testing Find Issues 88 Chapter 7 Integration of Fuzzing in the Development Cycle 91 Introduction ..92 Why Is Fuzzing Important to Include in a Software Development Cycle? Security Testing Workload .93 Setting Expectations for Fuzzers in a Software Development Lifecycle 101 Fuzzing as a panacea Fuzzing tools versus 103 Setting the plan for Implementing Fuzzers into a Software Development lifecycle 103 Setting goals .104 Building and executing on the plan Understanding How to Increase Effectiveness of Fuzzers and Avoiding Any Big Gotchas Contents X Hidden costs Finding more vulnerabilities .....119 ummary:·· ·.· ..126 Solutions fast track .....126 Frequently Asked Questions 130 Chapter 8 Standardization and certification ........................133 Fuzzing and the corporate environment 134 Software security testing the challenges 134 Testing for Securi 135 Fuzzing as a viable option 137 Business pressure 138 Software security certification .....139 Meeting Standards and Compliance 139 Tester Certification 140 Industry pr 140 Antivirus Product Testing and Certification 140 Chapter 9 What Is a file? 143 Introduction .144 Are File Fuzzers special? ·.· 145 Analyzing and Building Files............ .149 Textual fil 150 B files 151 Running the Test 156 Monitoring the Application with the Test Cases ......161 Chapter 10 Code Coverage and Fuzzing.............. 163 Introduction ·· ..........164 Code coverage ··· ......164 Obtaining Code Coverage 167 Instrumenting the Binary 167 Monitoring a Closed Source application .169 Improving Fuzzing with Code Coverage 171 Manual improvements 174 Dynamically generating Code Coverage Improvements........ 181 Statically Generating Code Coverage............... 185 Weaknesses of Code Coverage ..188 Summary ··· 190 Solutions fast track 190 Frequently Asked Questions 192 Index n,,,,,193 【实例截图】
【核心代码】
Product Details Paperback: 210 pages Publisher: Syngress; 1 edition (December 28, 2007) Language: English ISBN-10: 1597491950 ISBN-13: 978-1597491952 Product Dimensions: 7.5 x 0.5 x 9.2 inches
This page intentionally left blank Elsevier, InC, the author(s), and any person or firm involved in the writing, editing, or production(collectively Makers")of this book("the Work")do not guarantee or warrant the results to be obtained from the Work There is no guarantee of any kind, expressed or implied, regarding the Work or its contents. The Work is sold As IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state In no event will Makers be liable to you for damages, includi loss of profits, lost savings, or other incidental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files yngress Media, Syngress, "Career Advancement Through Skill Enhancement, ""Ask the Author UPDATE and Hack Proofing, are registered trademarks of Elsevier, Inc "Syngress: The Definition of a Serious Security Library", "Mission Critical, and"The Only Way to Stop a hacker is to Think Like One are trademarks of Elsevier, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies PUBLISHED BY Syngress Publishing, Inc Elsevier. I 30 Corporate drive Burlington, MA 01803 Open Source Fuzzing Tools Copyright C 2007 by Elsevier, Inc. All rights reserved. Printed in the United States of America E It Act of 1976, no part of this publicati duced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered stored, and executed in a computer system, but they may not be reproduced for publication Printed in the United States of america 1234567890 ISBN13:978-1-59749195-2 Publisher: Amorette pedersen Cover Designer SPi Acquisitions Editor: Patrice Rapalus Page layout and Art: SPi For information on rights, translations, and bulk sales, contact Matt Pedersen, Commercial Sales Director andRightsatSyngressPublishingemailm.pedersen(@elsevier.com This page intentionally left blank Contributing Authors Gadi Evron is Security evangelist for Beyond security, chief editor of the SecuriTeam portal and recognized globally for his work and leadership in Internet security operations. He is the founder of the Zeroday Emergency Response Team(ZERT), organizes and chairs worldwide conferences, working groups and task forces. He is considered an expert on corporate security and counterespionage, botnets, e-fraud and phishing. Previously, Gadi was Ciso at the Israeli government isp(e Government project)and founded the israeli Government cert. he has authored two books on information security and is a frequent lecturer Noam Rathaus is the co-founder and cto of Beyond security He holds an electrical engineering degree from Ben Gurion University and has been checking the security of computer systems from the age of 13. He is also the editor-in-chief of SecuriTeam. com, one of the largest vulnerability databases and security portals on the Internet Robert Fly is a Director of product Security at Salesforce. com where he works with the great folks there to help deliver a service that the world can trust. At Salesforce. com he heads up the company-wide effort for building security into the development lifecycle. Prior to Salesforce. com Robert worked at Microsoft for about eight years, the last few spent in the real Time Collaboration group as a Software Security lead heading up a team of very talented individuals responsible for ensuring the security of those products Aviram Jenik is CEO of Beyond Security and contributor to SecuriTeam. com David maynor is cto of Errata Security, a consulting and product testing cybersecurity company Charlie Miller spent five years as a global Network Exploitation analyst for the National Security Agency. During this time, he identified weaknesses and vulnerabilities in computer networks and executed numerous successful computer network exploitations against foreign targets. He sought and iscovered vulnerabilities against security critical network code, including web servers and web applications. Since then, he has worked as a Senior Security architect for a financial firm and currently works as a principal Security analyst for Independent Security Evaluators, a security firm. He has spoken at the Workshop on the Economics of Information Security, Black hat. and DefCon He has a B.S. from Truman State University and a ph. D. from the University of Notre Dame Yoav Naveh works as an r &d team leader for mclean based beyond Security and one of the chief developers of the bestorM fuzzing framework He is a security researcher with 8 years of experience. He holds the rank of Captain in the Israeli Defense Force (ret. and is a leading authority in the blackbox testing field Contents Chapter 1 Introduction to Vulnerability Research ■m ■■口■■ Statement of Scope ·.· 2 Off-by-One errors Programming language Use errors Integer Overflows Bugs and vulnerabilities 7 The Vaunted buffer overflow 7 Finding Bugs and vulnerabilities Source code review Black box testins 10 Glass box testing 10 Chapter 2 Fuzzing -What's that? ,11 Introduction 12 Introduction to Fuzzing 12 Milestones in Fuzzing .14 Fuzzing technol ogy ..16 Traffic Sniffing Prepared Template.........……. ····· ..19 Second-Generation Fuzzing 19 File fuzzing 22 Host-Side monitorin 22 Vulnerability Scanners as fuzzers .22 Uses of Fuzzing 23 Open Source fuzzers ·· ......,,.,.24 Commercial-Grade fuzzers 24 What Comes next 25 The Software Development life Cycle 25 Chapter 3 Building a Fuzzing Environment 27 Introduction 28 Knowing what to Ask .28 Basic Tools and Setup 34 Data points ·· ......34 Crash dumps ···非 ..34 Fuzzer Output 36 Contents Debuggers Recon tools 40 Lint · ..41 OSX ......42 Summary ....44 Chapter 4 Open Source Fuzzing Tools ,,.45 Introduction Frameworks Special-Purpose Tools 48 General-Purpose Tools .52 Chapter 5 Commercial Fuzzing Solutions..............55 Introduction ......56 Chapter 6 Build Your Own Fuzzer Hold Your horses ..,,68 Fuzzer building blocks. ·· One or more valid Data Sets 70 Understanding What Each Bytein the Data Set Means Change the values of the Data Sets While ma ge 11 g the integrity ofthe data Being Sent Recreate the same malformed DataSet Time and Time again......72 An arsenal of malformed values, or the abilityto Create a variety of malformed Outputs 73 Maintain a form of a state machine .74 summarize 75 Down to business ......75 Simplest Fuzz Testing Find Issues 88 Chapter 7 Integration of Fuzzing in the Development Cycle 91 Introduction ..92 Why Is Fuzzing Important to Include in a Software Development Cycle? Security Testing Workload .93 Setting Expectations for Fuzzers in a Software Development Lifecycle 101 Fuzzing as a panacea Fuzzing tools versus 103 Setting the plan for Implementing Fuzzers into a Software Development lifecycle 103 Setting goals .104 Building and executing on the plan Understanding How to Increase Effectiveness of Fuzzers and Avoiding Any Big Gotchas Contents X Hidden costs Finding more vulnerabilities .....119 ummary:·· ·.· ..126 Solutions fast track .....126 Frequently Asked Questions 130 Chapter 8 Standardization and certification ........................133 Fuzzing and the corporate environment 134 Software security testing the challenges 134 Testing for Securi 135 Fuzzing as a viable option 137 Business pressure 138 Software security certification .....139 Meeting Standards and Compliance 139 Tester Certification 140 Industry pr 140 Antivirus Product Testing and Certification 140 Chapter 9 What Is a file? 143 Introduction .144 Are File Fuzzers special? ·.· 145 Analyzing and Building Files............ .149 Textual fil 150 B files 151 Running the Test 156 Monitoring the Application with the Test Cases ......161 Chapter 10 Code Coverage and Fuzzing.............. 163 Introduction ·· ..........164 Code coverage ··· ......164 Obtaining Code Coverage 167 Instrumenting the Binary 167 Monitoring a Closed Source application .169 Improving Fuzzing with Code Coverage 171 Manual improvements 174 Dynamically generating Code Coverage Improvements........ 181 Statically Generating Code Coverage............... 185 Weaknesses of Code Coverage ..188 Summary ··· 190 Solutions fast track 190 Frequently Asked Questions 192 Index n,,,,,193 【实例截图】
【核心代码】
标签:
好例子网口号:伸出你的我的手 — 分享!
小贴士
感谢您为本站写下的评论,您的评论对其它用户来说具有重要的参考价值,所以请认真填写。
- 类似“顶”、“沙发”之类没有营养的文字,对勤劳贡献的楼主来说是令人沮丧的反馈信息。
- 相信您也不想看到一排文字/表情墙,所以请不要反馈意义不大的重复字符,也请尽量不要纯表情的回复。
- 提问之前请再仔细看一遍楼主的说明,或许是您遗漏了。
- 请勿到处挖坑绊人、招贴广告。既占空间让人厌烦,又没人会搭理,于人于己都无利。
关于好例子网
本站旨在为广大IT学习爱好者提供一个非营利性互相学习交流分享平台。本站所有资源都可以被免费获取学习研究。本站资源来自网友分享,对搜索内容的合法性不具有预见性、识别性、控制性,仅供学习研究,请务必在下载后24小时内给予删除,不得用于其他任何用途,否则后果自负。基于互联网的特殊性,平台无法对用户传输的作品、信息、内容的权属或合法性、安全性、合规性、真实性、科学性、完整权、有效性等进行实质审查;无论平台是否已进行审查,用户均应自行承担因其传输的作品、信息、内容而可能或已经产生的侵权或权属纠纷等法律责任。本站所有资源不代表本站的观点或立场,基于网友分享,根据中国法律《信息网络传播权保护条例》第二十二与二十三条之规定,若资源存在侵权或相关问题请联系本站客服人员,点此联系我们。关于更多版权及免责申明参见 版权及免责申明
网友评论
我要评论