Dailydave mailing list archives

Fuzzing Book Review


From: Dave Aitel <dave () immunityinc com>
Date: Fri, 05 Oct 2007 16:37:52 -0400

Here's my Amazon.com review:
http://www.amazon.com/Fuzzing-Brute-Force-Vulnerability-Discovery

"""
In this book the authors do a number of things that are worth reading:
o Document how and why SPIKE works (and implement their own
block-based fuzzer, Sulley)
o Go through the process of writing a .flv fuzzer
o Go through the process of writing a Python ActiveX fuzzer, which was
probably my favorite part.
o Talk about the downsides of various kinds of fuzzing. For example,
when is fuzzing with a genetic algorithm not the right thing to do?

That alone made this a great book.
"""

I was chatting here with Adam about it and there's some good stuff in
it completely unrelated to fuzzing that is quite useful. For example,
the part on how to really use VMware to do the exact sorts of things
everyone wants to do.

Anyways, so that's my book review for Friday. Next week is another
book by an academic on information warfare. I'd like to play this
drinking game where you drink fine Appleton rum when the author quotes
either Sun Tzu or OODA loops, or both. Pretty much when you're quoting
OODA loops you know you're going the wrong direction. A flowchart does
not a valuable epiphany make.

-dave
