A Bug Hunter's Diary
A Guided Tour Through the Wilds of Software Security
Publisher: No Starch Press
Released: November 2011
Pages: 208

"This is one of the most interesting infosec books to come out in the last several years."
–Dino Dai Zovi, Information Security Professional

"Give a man an exploit and you make him a hacker for a day; teach a man to exploit bugs and you make him a hacker for a lifetime."
–Felix 'FX' Lindner

Seemingly simple bugs can have drastic consequences, allowing attackers to compromise systems, escalate local privileges, and otherwise wreak havoc on a system.

A Bug Hunter's Diary follows security expert Tobias Klein as he tracks down and exploits bugs in some of the world's most popular software, like Apple's iOS, the VLC media player, web browsers, and even the Mac OS X kernel. In this one-of-a-kind account, you'll see how the developers responsible for these flaws patched the bugs—or failed to respond at all. As you follow Klein on his journey, you'll gain deep technical knowledge and insight into how hackers approach difficult problems and experience the true joys (and frustrations) of bug hunting.

Along the way you'll learn how to:

  • Use field-tested techniques to find bugs, like identifying and tracing user input data and reverse engineering
  • Exploit vulnerabilities like NULL pointer dereferences, buffer overflows, and type conversion flaws
  • Develop proof of concept code that verifies the security flaw
  • Report bugs to vendors or third party brokers

A Bug Hunter's Diary is packed with real-world examples of vulnerable code and the custom programs used to find and test bugs. Whether you're hunting bugs for fun, for profit, or to make the world a safer place, you'll learn valuable new skills by looking over the shoulder of a professional bug hunter in action.

Table of Contents
Product Details
About the Author
Recommended for You
Customer Reviews

REVIEW SNAPSHOT®

by PowerReviews
oreillyA Bug Hunter's Diary
 
4.0

(based on 1 review)

Ratings Distribution

  • 5 Stars

     

    (0)

  • 4 Stars

     

    (1)

  • 3 Stars

     

    (0)

  • 2 Stars

     

    (0)

  • 1 Stars

     

    (0)

Reviewed by 1 customer

Displaying review 1

Back to top

(1 of 1 customers found this review helpful)

 
4.0

Entertaining Overview for C-Saavy Reader

By Jason Wadsworth

from Boston, MA

About Me Developer, Sys Admin

Verified Reviewer

Pros

  • Helpful examples
  • Well-written

Cons

  • Not comprehensive enough

Best Uses

  • Intermediate

Comments about oreilly A Bug Hunter's Diary:

Summary

A Bug Hunter's Diary describes the technical details of how the author identified and analyzed software security bugs. It doesn't get into exploiting the bugs because, as the author points out at the end of every chapter, it's illegal to publish exploits in Germany.

I expected a light treatment based on the cute title and cover, but it was mostly C code, debuggers and assembly. I was a little out of my element, but it was interesting. The appendices explaining how stack overflows, etc. can occur and how they can be exploited (roughly) were helpful and interesting. The bug diaries were a little repetitive, but they at least covered a range of platforms.

Bottom Line

You'll need some understanding of assembly, c, and how memory allocation works. But that background, the book and a bit of Googling to learn more about how the exploits work make for a solid, entertaining overview of the life cycle of security bugs.

Displaying review 1

Back to top

 
Buy 2 Get 1 Free Free Shipping Guarantee
Buying Options
Immediate Access - Go Digital what's this?
Ebook: $31.95
Formats:  ePub, Mobi, PDF
Print & Ebook: $43.95
Print: $39.95