A Bug Hunter's Reading List

A Listmania! list by Dino A. Dai Zovi (Brooklyn, NY United States)
The list author says: "So you want to hunt bugs, eh? Learning how to hunt bugs no longer requires reading every issue of Phrack from the last decade; you can get started by reading a few good books and spending some quality reading time on your nearest couch or beach.

This list covers the basic skills of software testing, fuzzing, reverse engineering, source code and binary security analysis, and exploitation. And I threw in a book on rootkits, just for fun."
1.  A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security by Tobias Klein
The list author says:
  "This book's emphasis on the process of bug hunting makes it the ideal book to start with. If you get hooked on bug hunting from this book, then you should read the rest of the books on this list for more in-depth knowledge."

2.  Hacking: The Art of Exploitation, 2nd Edition by Jon Erickson
The list author says:
  "This book does a great job of covering C programming, assembly programming, vulnerability discovery, and exploitation all in one.  This book makes a great follow-up to A Bug Hunter's Diary with more in-depth technical information."

3.  The Art of Software Security Testing: Identifying Software Security Flaws by Elfriede Dustin
The list author says:
  "Shameless self-promotion.  This book is a lightweight book on software security testing and assessment.  It covers basic software security testing methodologies, web security testing proxies, fuzzing, and crash analysis."

4.  The Mac Hacker's Handbook by Dino Dai Zovi
The list author says:
  "More shameless self-promotion.  Hacking modern Windows and Linux systems is hard work; hacking Macs is much more fun.  They are a good place to get started writing exploits because they don't have the level of exploit mitigations, like address space layout randomization and non-executable memory, that other modern systems have."

5.  Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton
The list author says:
  "Fuzzing is the easiest way to shake out some low hanging security vulnerabilities.  This book covers fuzzing in depth and presents a number of different approaches and tools."

6.  Fuzzing for Software Security Testing and Quality Assurance (Artech House Information Security and Privacy) by Ari Takanen
The list author says:
  "This is the textbook on fuzzing from the future where this is actually taught in Software Engineering curricula."

7.  The C Programming Language, 2nd Edition by Brian W. Kernighan
The list author says:
  "You'll need to know C."

8.  Expert C Programming: Deep C Secrets by Peter van der Linden
The list author says:
  "You'll need to know C well; this book takes you deeper than most C books and covers linking and loading, compilers, and other C subtleties."

9.  The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities by Mark Dowd
The list author says:
  "This is the Security Bug Bible.  Written by some of the best bug hunters in the business, this book describes software vulnerability classes in a number of programming languages and how to find them via manual source code analysis."

10.  The Art of Assembly Language by Randall Hyde
The list author says:
  "You'll need to be familiar with x86 assembly."

11.  The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler by Chris Eagle
The list author says:
  "IDA Pro is the de facto reverse engineering tool.  A familiarity with this tool is necessary for even casual static binary security analysis.  An older version of IDA Pro is provided as freeware, so there is no excuse not to be familiar with it."

12.  Reversing: Secrets of Reverse Engineering by Eldad Eilam
The list author says:
  "Get a little more in-depth on reverse engineering."

13.  Exploiting Software: How to Break Code by Gary McGraw
The list author says:
  "A good book covering a range of basic exploitation techniques."

14.  The Shellcoder's Handbook: Discovering and Exploiting Security Holes by Chris Anley
The list author says:
  "The Shellcoder's Handbook is perhaps the best book around on advanced exploitation techniques.  Your friends will be jealous if you can understand everything in it."

15.  Rootkits: Subverting the Windows Kernel by Greg Hoglund
The list author says:
  "This is the quintessential book on rootkits, with an awesome cover to boot.  This is one case where you can judge a book by its cover."

Author

Dino A. Dai Zovi (Brooklyn, NY United States)
Qualifications: Security researcher
Last updated: 11/27/11