Dailydave mailing list archives

Re: School project start: a fuzzer

From: Arun Koshy <arunkoshy () gmail com>
Date: Sat, 9 May 2009 00:53:59 +1000

documented, finished, presented. The question is, how deep can we go (what to
promise in the specification)? My guess is that detecting success during
fuzzing only when application crashes is too lame. "Feedback fuzzing" is maybe
too complicated. What is realistic?


a couple of books on the topic that may be useful :

http://www.amazon.com/Fuzzing-Software-Security-Assurance-Information/dp/1596932147/ref=sr_1_1?ie=UTF8&s=books&qid=1241794318&sr=1-1

http://www.amazon.com/Gray-Hat-Python-Programming-Engineers/dp/1593271921

The authors ( or at least some of them ) hang out on d/d - so perhaps
you can expect responses from them as well ;)
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

School project start: a fuzzer Martin Zember (May 08)
- Re: School project start: a fuzzer Jared DeMott (May 08)
- Re: School project start: a fuzzer Agustin Gianni (May 08)
  - Re: School project start: a fuzzer Jon Oberheide (May 08)
- Re: School project start: a fuzzer Arun Koshy (May 08)
- Re: School project start: a fuzzer nnp (May 08)
- Re: School project start: a fuzzer Adrien Krunch Kunysz (May 08)