• A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security See large image

    A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security (Paperback) By (author) Tobias Klein

    Hard to find title available from Book Depository

    $27.17 - Save $14.98 35% off - RRP $42.15 Free delivery worldwide Available
    Dispatched in 2 business days
    When will my order arrive?
    Add to basket | Add to wishlist |

    Description"Give a man an exploit and you make him a hacker for a day; teach a man to exploit bugs and you make him a hacker for a lifetime." -Felix 'FX' Lindner Seemingly simple bugs can have drastic consequences, allowing attackers to compromise systems, escalate local privileges, and otherwise wreak havoc on a system. A Bug Hunter's Diary follows security expert Tobias Klein as he tracks down and exploits bugs in some of the world's most popular software, like Apple's iOS, the VLC media player, web browsers, and even the Mac OS X kernel. In this one-of-a-kind account, you'll see how the developers responsible for these flaws patched the bugs-or failed to respond at all. As you follow Klein on his journey, you'll gain deep technical knowledge and insight into how hackers approach difficult problems and experience the true joys (and frustrations) of bug hunting. Along the way you'll learn how to: * Use field-tested techniques to find bugs, like identifying and tracing user input data and reverse engineering * Exploit vulnerabilities like NULL pointer dereferences, buffer overflows, and type conversion flaws * Develop proof of concept code that verifies the security flaw * Report bugs to vendors or third party brokers A Bug Hunter's Diary is packed with real-world examples of vulnerable code and the custom programs used to find and test bugs. Whether you're hunting bugs for fun, for profit, or to make the world a safer place, you'll learn valuable new skills by looking over the shoulder of a professional bug hunter in action.

Other books

Other people who viewed this bought | Other books in this category
Showing items 1 to 10 of 10


Reviews | Bibliographic data
  • Full bibliographic data for A Bug Hunter's Diary

    A Bug Hunter's Diary
    A Guided Tour Through the Wilds of Software Security
    Authors and contributors
    By (author) Tobias Klein
    Physical properties
    Format: Paperback
    Number of pages: 208
    Width: 150 mm
    Height: 226 mm
    Thickness: 20 mm
    Weight: 318 g
    ISBN 13: 9781593273859
    ISBN 10: 1593273851

    BIC E4L: COM
    Nielsen BookScan Product Class 3: S10.2
    B&T Book Type: NF
    B&T Modifier: Region of Publication: 01
    B&T Modifier: Subject Development: 20
    B&T Modifier: Academic Level: 05
    Warengruppen-Systematik des deutschen Buchhandels: 16320
    B&T General Subject: 229
    B&T Modifier: Text Format: 01
    B&T Merchandise Category: COM
    LC subject heading:
    BISAC V2.8: COM051230
    B&T Approval Code: A93663050
    BISAC V2.8: COM053000
    DC22: 005.8
    LC subject heading:
    BIC subject category V2: URH
    BISAC V2.8: COM051240
    LC subject heading:
    Ingram Subject Code: XY
    B&T Approval Code: A93606500
    LC subject heading:
    Libri: DATE6300, DATE6400, SICH0722
    LC subject heading:
    LC classification: QA76.9.D43 K5813 2011
    DC23: 005.8
    Thema V1.0: UYD, URH
    Illustrations note
    black & white line drawings, figures
    No Starch Press,US
    Imprint name
    No Starch Press,US
    Publication date
    01 December 2011
    Publication City/Country
    Daly City, California
    Author Information
    Tobias Klein is a security researcher and founder of NESO Security Labs, an information security consulting and research company based in Heilbronn, Germany. As a vulnerability researcher, Tobias has identified and helped to fix numerous security vulnerabilities. He is the author of two other information security books published in German by dpunkt.verlag of Heidelberg, Germany.
    Table of contents
    Acknowledgments; Introduction; The Goals of This Book; Who Should Read the Book; Disclaimer; Resources; Chapter 1: Bug Hunting; 1.1 1.1 For Fun and Profit; 1.2 1.2 Common Techniques; 1.3 1.3 Memory Errors; 1.4 1.4 Tools of the Trade; 1.5 1.5 EIP = 41414141; 1.6 1.6 Final Note; Chapter 2: Back to the '90s; 2.1 2.1 Vulnerability Discovery; 2.2 2.2 Exploitation; 2.3 2.3 Vulnerability Remediation; 2.4 2.4 Lessons Learned; 2.5 2.5 Addendum; Chapter 3: Escape from the WWW Zone; 3.1 3.1 Vulnerability Discovery; 3.2 3.2 Exploitation; 3.3 3.3 Vulnerability Remediation; 3.4 3.4 Lessons Learned; 3.5 3.5 Addendum; Chapter 4: NULL Pointer FTW; 4.1 4.1 Vulnerability Discovery; 4.2 4.2 Exploitation; 4.3 4.3 Vulnerability Remediation; 4.4 4.4 Lessons Learned; 4.5 4.5 Addendum; Chapter 5: Browse and You're Owned; 5.1 5.1 Vulnerability Discovery; 5.2 5.2 Exploitation; 5.3 5.3 Vulnerability Remediation; 5.4 5.4 Lessons Learned; 5.5 5.5 Addendum; Chapter 6: One Kernel to Rule Them All; 6.1 6.1 Vulnerability Discovery; 6.2 6.2 Exploitation; 6.3 6.3 Vulnerability Remediation; 6.4 6.4 Lessons Learned; 6.5 6.5 Addendum; Chapter 7: A Bug Older Than 4.4BSD; 7.1 7.1 Vulnerability Discovery; 7.2 7.2 Exploitation; 7.3 7.3 Vulnerability Remediation; 7.4 7.4 Lessons Learned; 7.5 7.5 Addendum; Chapter 8: The Ringtone Massacre; 8.1 8.1 Vulnerability Discovery; 8.2 8.2 Crash Analysis and Exploitation; 8.3 8.3 Vulnerability Remediation; 8.4 8.4 Lessons Learned; 8.5 8.5 Addendum; Hints for Hunting; A.1 Stack Buffer Overflows; A.2 NULL Pointer Dereferences; A.3 Type Conversions in C; A.4 GOT Overwrites; Debugging; B.1 The Solaris Modular Debugger (mdb); B.2 The Windows Debugger (WinDbg); B.3 Windows Kernel Debugging; B.4 The GNU Debugger (gdb); B.5 Using Linux as a Mac OS X Kernel-Debugging Host; Mitigation; C.1 Exploit Mitigation Techniques; C.2 RELRO; C.3 Solaris Zones; Updates; Colophon;