Reddit reviews Fuzzing: Brute Force Vulnerability Discovery
We found 3 Reddit comments about Fuzzing: Brute Force Vulnerability Discovery. Here are the top ones, ranked by their Reddit score.
Hmm, I haven't read any of these books but they are from similar threads:
The Art of Exploitation
Fuzzing: Brute Force Vulnerability Discovery
And for a general overview Security Engineering
Some of them look lame tbh - but they are the commonly suggested books from other threads.
What are those books like that you already have would you recommend them?
Fuzzing is subclass of negative testing. It usually involves sending malformed or unexpected inputs at an interface (socket, file parser, etc). It's one of the techniques bad guys use to find buffer overruns and other exploitable defects in software. My favorite book on the subject is this one:
http://www.amazon.com/Fuzzing-Brute-Force-Vulnerability-Discovery/dp/0321446119
I'm pretty interested in fuzzing myself, as I suspect a lot of people are starting to have their interest piqued. It's a relatively new field of vulnerability discovery, so there's actually quite a bit of room for innovation and research. My go-to resource on the topic thus far has been Fuzzing: Brute Force Vulnerability Discovery.
In terms of locating resources regarding web application specific information, OWASP is a great launching point. I would say a large amount of the resources you'd need to begin learning will be available online, largely for free.
I'd honestly start with web application vulnerabilities if I were you, and move on to more system-level vulnerability exploitation if/when you feel the need. Languages with features like automatic garbage collection have been phasing out vulnerabilities found in the wild for a while now, and while they're not impossible to find, they're definitely improbable. So in terms of time spent and versus vulnerabilities discovered, this is the better bet.