Problem Solving 101 with Ari Takanen – About integrating fuzzing into the SDLC

At Artech House, we ask our authors what problems their books can help readers solve. In this series, we share what our authors aim to do in their writing. Read on to find out what Ari Takanen, who wrote Fuzzing for Software Security Testing and Quality Assurance, Second Edition along with Jared D. DeMott, Charles Miller, and Atte Kettunen, had to say:

How and why to integrate fuzzing into the software development lifecycle (SDLC)

What are some problems your book can help readers solve?

  • Software is infested with security flaws that cause crashes and that can be misused by hackers
  • Test automation does not cover negative testing or crash testing of software
  • Security experts are relying on penetration tests that focus on finding old known flaws
  • New security flaws are not found with current software testing and security auditing techniques
  • Similar software bugs and programming mistakes re-emerge constantly in software, and are mostly found by external hackers

What are the features of your book and the specific benefits a reader can expect to derive from those features?  

Security flaws early discovery

Feature: Fuzzing explained as a test automation tool

Benefit: Critical security flaws can be found by software developers. Security flaws can be found early in software development life-cycle, before software launch.

Previous security flaws discovery

Feature: Fuzzing explained as a security auditing tool

Benefit: Auditing software developed by others can be automated. Fuzzing finds previously unknown, often exploitable flaws in software without requiring source code.

Fuzzing techniques

Feature: Various fuzzing techniques explained

Benefit: Helps to select the right tools and techniques for different purposes and phases in software life-cycle

Education applications

Feature: Fuzzing is explained focusing on various tools, techniques, history, and metrics.

Benefit: The book works as a reference, does not get quickly outdated, and can be used in education.

Please name the audiences at which this book is aimed. How will this audience use your book?

  • Software developers: Understand how software is built so that it can be tested for security.
  • Software testers: Understand test automation techniques for finding security critical flaws in software.
  • Security auditors: Help in selecting the right blackbox testing tools for auditing software when source code is not available.
  • Academics, students and teachers: Learn various techniques, tools and use cases for test automation and fuzzing, and also understand the history of how fuzzing came to be a commonly used software testing technique.
