SecurityCertified

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Wednesday, March 14, 2012

Impressions: Fuzzing

Posted on 3:00 AM by Unknown
Fuzzing by Michael Sutton, Adam Greene and Pedram Amini struck me as a good overview of many types of fuzzing techniques. If you read the Amazon.com reviews, particularly the verdict by Chris Gates, you'll see what I mean. For my purposes, the degree to which the authors covered the material was just right. If you're more in the trenches with this topic, you would probably want more from a book on fuzzing.

I liked the following aspects of the book: integration of history, real examples, diversity of approaches, case studies, and examples. I thought the book was easy to read and well presented. Paired with more specific, newer books on finding vulnerabilities, I think Fuzzing is a winner.

My only real dislike involved the quotes by former US President George W. Bush at the start of each chapter. I thought they were irrelevant and a distraction.

Tweet

Email ThisBlogThis!Share to XShare to Facebook
Posted in impressions | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • DojoCon Videos Online
    Props to Marcus Carey for live streaming talks from DojoCon . I appeared in my keynote , plus panels on incident response and cloud secur...
  • Mandiant Webinar Wednesday; Help Us Break a Record!
    I'm back for the last Mandiant Webinar of the year, titled State of the Hack: It's The End of The Year As We Know It - 2011 . And y...
  • Bejtlich Speaking at TechTarget Emerging Threats Events in Seattle and New York
    I will be speaking at two events organized by TechTarget , for whom I used to write my Snort Report and Traffic Talk articles. The one-da...
  • Hakin9 04/2009 Issue
    I just received a review copy of the 04/2009 Hakin9 magazine. I am most interested in reading part two of Tyler Hudak 's article on au...
  • Human Language as the New Programming Language
    If you've read the blog for a while you know I promote threat-centric security in addition to vulnerability-centric security. I think ...
  • Guest Post on SecureThinking about Cyber Shockwave
    BT asked me to write a guest post on their blog, so I provided a new Reaction to Cyber Shockwave . I hadn't really addressed one of the...
  • Review of Web Security Testing Cookbook Posted
    Amazon.com just posted my five star review of Web Security Testing Cookbook by Paco Hope and Ben Walther. From the review : I just wrote ...
  • Review of The Web Application Hacker's Handbook Posted
    Amazon.com just posted my five star review of The Web Application Hacker's Handbook by Dafydd Stuttard and Marcus Pinto. From the rev...
  • Bejtlich Returns to PaulDotCom Podcast
    The guys at PaulDotCom posted the podcast .mp3 (39 MB) they conducted last week . It was another debate between myself and Ron Gula. We ...
  • Bejtlich Teaching Special Session of TCP/IP Weapons School at GTEC DC
    Through a custom arrangement with Black Hat I am pleased to announce that I will teach a special session of TCP/IP Weapons School 3.0 at t...

Categories

  • afcert
  • Air Force
  • analysis
  • announcement
  • apt
  • attribution
  • bestbook
  • blackhat
  • books
  • breakers
  • bro
  • bruins
  • certification
  • china
  • cisco
  • cissp
  • cloud
  • clowns
  • commodore
  • conferences
  • controls
  • correlation
  • counterintelligence
  • cybercommand
  • cyberwar
  • dfm
  • education
  • engineering
  • feds
  • fisma
  • freebsd
  • GE
  • ge-cirt
  • hakin9
  • history
  • impressions
  • information warfare
  • ipv6
  • law
  • leadership
  • malware
  • mandiant
  • microsoft
  • mssp
  • nsm
  • offense
  • oisf
  • packetstash
  • philosophy
  • pirates
  • powerpoint
  • press
  • psirt
  • reading
  • redteam
  • reviews
  • russia
  • sans
  • sec
  • sguil
  • snorby
  • spying
  • threat model
  • threats
  • Traffic Talk
  • training
  • tufte
  • tv
  • ubuntu
  • usenix
  • verizon
  • vulnerabilities
  • wisdom
  • writing

Blog Archive

  • ►  2013 (16)
    • ►  September (1)
    • ►  August (1)
    • ►  June (2)
    • ►  April (2)
    • ►  March (1)
    • ►  February (3)
    • ►  January (6)
  • ▼  2012 (60)
    • ►  December (4)
    • ►  November (5)
    • ►  October (3)
    • ►  September (10)
    • ►  August (2)
    • ►  July (6)
    • ►  June (6)
    • ►  May (4)
    • ►  April (2)
    • ▼  March (9)
      • Inside a Commission Hearing on the Chinese Threat
      • Impressions: Fuzzing
      • Impressions: Hunting Security Bugs
      • Impressions: The Web Application Hacker's Handbook...
      • Impressions: Web Application Security: A Beginner'...
      • Review of SSH Mastery Posted
      • Bejtlich's Take on RSA 2012
      • Keep CIRT and Internal Investigations Separate
      • TaoSecurity Blog Wins Most Educational Security Blog
    • ►  February (6)
    • ►  January (3)
  • ►  2011 (108)
    • ►  December (3)
    • ►  November (7)
    • ►  October (11)
    • ►  September (9)
    • ►  August (18)
    • ►  July (10)
    • ►  June (5)
    • ►  May (4)
    • ►  April (13)
    • ►  March (17)
    • ►  February (2)
    • ►  January (9)
  • ►  2010 (193)
    • ►  December (14)
    • ►  November (11)
    • ►  October (6)
    • ►  September (16)
    • ►  August (15)
    • ►  July (26)
    • ►  June (15)
    • ►  May (15)
    • ►  April (15)
    • ►  March (16)
    • ►  February (19)
    • ►  January (25)
  • ►  2009 (123)
    • ►  December (10)
    • ►  November (17)
    • ►  October (21)
    • ►  September (13)
    • ►  August (20)
    • ►  July (21)
    • ►  June (21)
Powered by Blogger.

About Me

Unknown
View my complete profile