Wednesday, October 8, 2008

Book Review: Fuzzing | Brute Force Vulnerability Discovery

I really enjoyed reading Fuzzing. The book has a ton of really great information. The majority of the content I was interested in pertained to the application and web application fuzzing. The book starts with a background on vulnerability discovery methods. It then covers the different methods and types of fuzzers.

The good stuff starts in the second part of the book, on "targets and automation." The chapter on "web application and server fuzzing automation" has some interesting ideas I hadn't considered. I also liked the chapters on network protocol fuzzing on Windows and UNIX.

Throughout the book it shares tools, code and examples available for download from the fuzzing.org website. I have been working a lot recently with Samurai Web Testing Framework Live-CD creating some video tutorials that I hope to release soon, and I used some of the examples in the book. I also played with a little C# and created the generic fuzzing tool that was given in the book. I am adding some features to work in a few class activities I would like to implement.

Overall I think the book is great for anyone that is in development, system administration or pen-testing. I learned a lot and I think others would too, but be warned: this book is intense. I spent about 8 or 9 weeks with this book because every time I learned something new I wanted to try it out.

If you have read this book or others like it I would like to read your comments.