One of the things my mother always said I was good at was breaking things. Apparently, as a young Evangelist, I chose to be an agent of entropy. I guess I always have been a huge fan of how things are continually breaking down and according to my mother at least, I did a lot to help them along the way. My mother just loves to tell stories about me taking things apart (clocks, radios, tv sets, lamps, my sister….) but I will save you from those, unless you choose to have coffee with my mother some day… 🙂
Today though, breaking software applications and studying how they fail has become a huge part of my work. I study how they fail, what causes the underlying issues, how those bad decisions could be exploited and what makes applications, devices and other things, tick. I am truly a student and professor of entropy.
You too can participate in these exercises. Tons of new tools are available to fuzz a variety of things, or you could choose to write your own fuzzers (this was a very worthwhile thing for me and led me to create “Defensive Fuzzing” which is the core of the HornetPoint defensive tools). (Patent Pending)
Here is a quick list of some books, papers and tools that you might want to explore if you are interested in playing with and learning from these techniques:
Fuzz testing – Wikipedia, the free encyclopedia
Ethical Hacking and Penetration Testing: Fuzzers – The ultimate list
Amazon.com: Fuzzing: Brute Force Vulnerability Discovery: Michael …
Wfuzz – A Tool for Bruteforcing/Fuzzing Web Applications | Darknet …
These links should give you plenty of materials and links to tools. I would highly encourage any security folks to set up a small lab, try the tools and just learn a bit about breaking applications. You will be surprised at how easy it is and how much insight it will give you into information security. Give it a shot and let me know how it goes!
Another fuzzing book:
Takanen, DeMott and Miller: “Fuzzing for Software Security Testing and Quality Assurance” from Artech House.
You can win a free copy of the book from here:
Check out also: