Rating:
(25 reviews)
Author: Visit Amazon's Tobias Klein Page
ISBN : 1593273851
New from $26.48
Format: PDF
Direct download links available Free A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security Paperback from with Mediafire Link Download Link
About the Author
Tobias Klein is a security researcher and founder of NESO Security Labs, an information security consulting and research company based in Heilbronn, Germany. As a vulnerability researcher, Tobias has identified and helped to fix numerous security vulnerabilities. He is the author of two other information security books published in German by dpunkt.verlag of Heidelberg, Germany.
Download latest books on mediafire and other links compilation Free A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security
- Paperback: 208 pages
- Publisher: No Starch Press (November 11, 2011)
- Language: English
- ISBN-10: 1593273851
- ISBN-13: 978-1593273859
- Product Dimensions: 0.7 x 6 x 9 inches
- Shipping Weight: 11.2 ounces (View shipping rates and policies)
Free A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security
A read of this book may change your view of computer software forever. The real world security holes that it discusses were found in extremely popular software on a variety of different platforms and clearly represent only a few samples of such holes that are common across most software.
While a fairly advanced level of programming knowledge both with high level languages such as C++ and also with low level assembly language is required to be able to fully understand just exactly how everything described in the book works, it isn't necessary to have that in depth knowledge in order to gain some benefit. Since the purpose of each code change is described in detail in the book those without such an in depth programming knowledge can simply take the author's word for it that a given code change will have a particular result and will still be able to gain a greater understanding of just how vulnerable software can be. These are after all real vulnerabilities that the author found in common software that have since been patched. So as well as demonstrating some of the ways in which holes can be found and exploited the author also demonstrates how he has contributed to helping the owners of this software to patch some of the holes in their software and so make the software safer to use.
Perhaps the things that most stand out about software security from this book are first of all just how easily some security holes can be found by someone who has sufficient experience in "bug hunting" and second, just how small a code change is needed in many instances in order to fix these security holes.
In the front of the book the author describes the goals that he had in writing the book and the book definitely achieves those goals.
Once upon a time there were bounty hunters running in the wild to nab those `Most Wanted' criminals and walk away with big bucks. Now we have bug hunters running wild in their computer world not only to put their name on wall of fame but also to reap those rich rewards.
Here in this latest book "Bug Hunter's Diary" we have similar story of another great and inspiring bug hunter, Tobias Klein.
This book gives valuable insights on different techniques of bug hunting and exploiting them successfully. Each of the chapters in this book conforms to the each of the vulnerability discovered by author and written in his own words and style.
Before you proceed to reading, it is good idea to get some basic knowledge on driver concepts including its life cycle, IRP, IOCTL and debugging. As three of eight chapters here deal with driver bugs, this prep will help you to feel at home later on.
If you are new to vulnerability research, I suggest you to start with Appendix A which refreshes concept of stack overflow with practical example, NULL pointer dereferences, type conversion, GOT exploitation techniques which are essential to understand main chapters. Appendix B describes debugging tools along with commands for Solaris(mdb), Linux (gdb), Windows (windbg) and shows how to setup VMware for Kernel Debugging. Final Appendix talks about exploit mitigation techniques such as ASLR, GS, NX, DEP and finishes with detailed description on RELRO for ELF (Linux).
Though fuzzing is most common method used for bug hunting these days, author has used it only in final chapter and rest of the bugs were based on manual & his ingenious approach, that's what separates men from boys.
In chap 2, author talks about the first victim, VLC media player.
-
Download Link 2