Customer comments on this selection.
 Excellent introduction to fuzzing
Perhaps a more appropriate title would be: "Fuzzing for Dummies" or "Fuzzing 101"- but I mean this in a really good way. Why I say this is because of how the book is set up, starting with the background history of fuzzing, and many variations of what fuzzing really is. These are excellent so those who may not have this background don't jump in blindly to this area. For example, Chapter 3 goes into the Fuzzing Methods and Chapter 4 discusses Data Representation. While not lengthy discussions, they are good to set up for the actual doing part in the rest of the book
br /
br /I liked that the book starts out with what fuzzing is good for, the steps that you have to take for it to be successful, and what fuzzing is not good at. It explains how vectors like access control issues, and design flaws fit into this category. Knowing this up front saves a lot of head banging later on down the road. It's also good that the authors point out that they are merely defining fuzzing in their specific realm: talk to others and you are going to find a whole different explanation. This is OK though- most of the security industry is like that.
br /
br /Part II of the book starts to get into the heart of things, discussing the components required for fuzzing, more details into the tool they built called "WebFuzz" and then dive into the tests themselves. The author's openness in telling us what they did, then how it works, then tell you all the things to make it better makes this book even more valuable. Good efforts to share useful things and make them a community effort with proper guidance are never a bad thing. Plus, if you are interested in helping, this guidance gives you somewhere to start.
br /
br /Essentially, this book gives you the blueprint of fuzzing and a bunch of ideas on how to get started down a more advanced path. Well written with good explanations of how the authors got where they got to as well a useful tool to get you started (located on their companion website), this book gives you the toolkit of building blocks for your future fuzzing endeavors.
br /
 _The_ fuzzing book
Alright, the title cannot be more straightforward. This is basically _the_ book on fuzzing, a vulnerability discovery methodology, covering several fuzzing methods such as env variable and argv variable fuzzing, web, file format, network protocol, etc (more on the table of contents).
br /
br /The book itself is very well structured. Starts with an introduction to fuzzing with some history, presenting the different types of fuzzing methods and fuzzers in part one of the book. Next, every fuzzing method is covered. First, some theory on a particular method is presented. Afterwards, the book gets into action, explaining how to carry on the fuzz previously covered. Some methods are approached differently on Windows and Linux platforms, so the author will dedicate a chapter to each of these.
br /
br /I haven't finished the book yet, but so far, I would say having some knowledge on C/C++ definitely helps. I would say it's recommended for the reader to know C/C++ or at least be familiarized with a programming language to follow the book with ease.
br /
br /I've seen other books where explanations and source codes are misplaced and do not match; well, not in this one. As I said before, it is very well structured, and the editing and revision looks thoughtfully elaborated.
br /
br /Before buying this book I took a really deep thought about what does a bear and a fish on the cover have to do with software security and fuzzing. Well, don't let the cover fool you. The contents of the book are really good. Actually, after reading the first couple chapters, you'll get to know the meaning of the cover and will love it.
br /
br /Also, it is important to mention that this book is not one of those "all-in-one bundle of articles stacked up and stapled together". I would say this book is more of a complete tutorial for the newbie and a reference for the already-knowledgeable expert. I am a newbie in this topic and this book is making the journey a very pleasant experience.
Great book
In this book the authors do a number of things that are worth reading:
br /o Document how and why SPIKE works (and implement their own block-based fuzzer sulley)
br /o Go through the process of writing a .flv fuzzer
br /o Go through the process of writing a Python ActiveX fuzzer, which was probably my favorite part.
br /o Talk about the downsides of various kinds of fuzzing. For example, when is fuzzing with a genetic algorithm not the right thing to do?
br /
br /That alone made this a great book.
Great on Theory...Pretty Good on Execution
I anxiously awaited reading and putting this book to use. Fuzzing is one of those "mystical" concepts that the people cranking out exploits were doing and I wanted to be able to use some of the publicly available fuzzers to fuzz for vulnerabilities and join the ranks.
br /
br /From the back cover: "...Now, its your turn. In this book, renowned fuzzing experts show you how to use fuzzing to reveal weaknesses in your software before someone else does."
br /
br /I thought the book excellently covered the theory portions of fuzzing. The format of theory/background of a fuzzing method (Environment Variable and Argument Fuzzing, Web Application and Server fuzzing, File Format Fuzzing, Network Protocol Fuzzing, Web Browser Fuzzing, and In-Memory Fuzzing) followed with that fuzzing method Automation or on Unix and then on Windows worked perfectly. It was a good structure and informative. The Automation or Unix and Windows sections fit in well with the theory sections before it.
br /
br /I think the book falls a bit short on practical execution (case studies) of using the fuzzing tools. Granted I say this based on my own expectations of what I would like to see from a fuzzing book but also from what the authors say in the preface that we will get out of the book. They say, "We detail numerous vulnerabilities throughout the book and discuss how they might have been identifies through fuzzing." Some of the case studies are exactly what I expected like case studies in Chapter 10, the fuzzing with SPIKE section in Chapter 15, and the Complete Walkthru with Sulley in Chapter 21. Some of the others fall a bit short. I expected a lot more out of the ActiveX fuzzing sections (chapter 18), the Shockwave Flash example in Chapter 21 was useful for the discussion of creating a test case for a protocol but after 11 pages of mostly code in the last section we basically get told to load it into PaiMei and "go fuzz", and while the theory parts of chapter's 7 8 were great, telling me to find an AIX 5.3 box to see some example environment variables and argument vulnerabilities was less than useful. It would have been much more useful to use some of today's fuzzing tools to find some old vulnerabilities in something like *BSD or old RedHat distributions, something I might have in the lab or at least something I could install in VMWare.
br /
br /Likes: Theory, background, discussion of how and why they built the "author built" fuzzers they cover in the book, some of the case studies gave me everything I needed to reproduce on my own in the lab. Providing the fuzzers on the companion website was great as well. The George Bush quotes were hilarious as well and made me look forward to each chapter so I could get another quote.
br /
br /Dislikes: some of the case studies I don't think went into enough detail (no step by step instructions), I think the explanations of the blocks of code could have been better and numbering lines so we could refer to them in the text would have helped. The discussion of the existing frameworks was a little bit light (but we do get told to go the companion website for more info). Ideally we would have walked thru a couple of easy examples using multiple fuzzer frameworks to get us from advisory to EIP= 0x41414141. That would have been nice to see.
br /
br /Overall a great book, it has a place on the bookshelf next to shellcoder's handbook and some other programming books and it will be used (many times) as a reference to play with the various fuzzers available out there.
br /
|
