Skip to main content
SpringerLink
Log in

Proactive Security Testing and Fuzzing

  • Chapter
ISSE 2009 Securing Electronic Business Processes

Abstract

Software is bound to have security critical flaws, and no testing or code auditing can ensure that software is flaw-less. But software security testing requirements have improved radically during the past years, largely due to criticism from security conscious consumers and Enterprise customers. Whereas in the past, security flaws were taken for granted (and patches were quietly and humbly installed), they now are probably one of the most common reasons why people switch vendors or software providers. The maintenance costs from security updates often add to become one of the biggest cost items to large Enterprise users. Fortunately test automation techniques have also improved. Techniques like model-based testing (MBT) enable efficient generation of security tests that reach good confidence levels in discovering zero-day mistakes in software. This technique is called fuzzing.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  • Eronen, Juhani; Laakso, Marko: A Case for Protocol Dependency. In proceedings of the First IEEE In-ternational Workshop on Critical Infrastructure Protection. Darmstadt, Germany. November 3-4, 2005.

    Google Scholar 

  • Kaksonen, Rauli: A Functional Method for Assessing Protocol Implementation Security (Licentiate thesis). Espoo. 2001. Technical Research Centre of Finland, VTT Publications 447. 128 p. + app. 15 p. ISBN 951-38-5873-1 (soft back ed.) ISBN 951-38-5874-X (on-line ed.).

    Google Scholar 

  • McGraw, Gary; Chess, Brian and Migues, Sammy: Building Security In Maturity Model, http://www.bsi-mm.com, 2009, 53 p.

  • Puolitaival, Olli-Pekka: Model-based testing tools. Presentation at Software Testing Day at TUT. March 25-26, 2008.

    Google Scholar 

  • Takanen, Ari; DeMott, Jared and Miller, Charlie: Fuzzing for Software Security Testing and Quality Assurance. Artech House. 2008. 230p. ISBN 978-1-59693-214-2.

    Google Scholar 

Download references

Authors
  1. Ari Takanen
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Norbert Pohlmann Helmut Reimer Wolfgang Schneider

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Vieweg+Teubner | GWV Fachverlage GmbH

About this chapter

Cite this chapter

Takanen, A. (2010). Proactive Security Testing and Fuzzing. In: Pohlmann, N., Reimer, H., Schneider, W. (eds) ISSE 2009 Securing Electronic Business Processes. Vieweg+Teubner. https://doi.org/10.1007/978-3-8348-9363-5_31

Download citation

  • DOI: https://doi.org/10.1007/978-3-8348-9363-5_31

  • Publisher Name: Vieweg+Teubner

  • Print ISBN: 978-3-8348-0958-2

  • Online ISBN: 978-3-8348-9363-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation