Industrial-Sized Deals TextBTS15 Shop Women's Handbags Learn more nav_sap_SWP_6M_fly_beacon Disturbed Storm Fire TV Stick Subscribe & Save Find the Best Purina Pro Plan for Your Pet Shop Popular Services Home Theater Setup Plumbing Services Assembly Services Shop all tmnt tmnt tmnt  Amazon Echo Starting at $99 Kindle Voyage The Walking Dead\ Gear Up for Football Deal of the Day

A Bug Hunter's Reading List

Dino A. Dai Zovi
The list author says: "So you want to hunt bugs, eh? Learning how to hunt bugs no longer requires reading every issue of phrack from the last decade, you can get started by reading a few good books and spending some quality reading time on your nearest couch or beach.

This list covers the basic skills of software testing, fuzzing, reverse engineering, source code and binary security analysis, and exploitation. And I threw in a book on rootkits, just for fun."
A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security
A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security
"This book's emphasis on the process of bug hunting makes it the ideal book to start with. If you get hooked on bug hunting from this book, then you should read the rest of the books on this list for more in-depth knowledge."
Hacking: The Art of Exploitation, 2nd Edition
Hacking: The Art of Exploitation, 2nd Edition
"This book does a great job of covering C programming, assembly programming, vulnerability discovery, and exploitation all in one.  This book makes a great follow-up to a Bug Hunter's Diary with more in-depth technical information."
The Art of Software Security Testing: Identifying Software Security Flaws
The Art of Software Security Testing: Identifying Software Security Flaws
"Shameless self-promotion.  This book is a lightweight book on software security testing and assessment.  It covers basic software security testing methodologies, web security testing proxies, fuzzing, and crash analysis."
The Mac Hacker's Handbook
The Mac Hacker's Handbook
"More shameless self-promotion.  Hacking modern Windows and Linux systems is hard work, hacking Macs is much more fun.  They are a good place to get started writing exploits because they don't have the level of exploit mitigations like address space layout randomization and non-executable memory and that other modern systems have."
Fuzzing: Brute Force Vulnerability Discovery
Fuzzing: Brute Force Vulnerability Discovery
"Fuzzing is the easiest way to shake out some low hanging security vulnerabilities.  This book covers fuzzing in depth and presents a number of different approaches and tools."
Fuzzing for Software Security Testing and Quality Assurance (Artech House Information Security and Privacy)
Fuzzing for Software Security Testing and Quality Assurance (Artech House Information Security and Privacy)
"This is the textbook on fuzzing from the future where this is actually taught in Software Engineering curricula."
The C Programming Language
The C Programming Language
"You'll need to know C."
Expert C Programming: Deep C Secrets
Expert C Programming: Deep C Secrets
"You'll need to know C well, this book takes you deeper than most C books and covers linking and loading, compilers, and other C subtleties."
The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities
The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities
"This is the Security Bug Bible.  Written by some of the best bug hunters in the business, this book describes software vulnerability classes in a number of programming languages and how to find them via manual source code analysis."
The Art of Assembly Language
The Art of Assembly Language
"You'll need to be familiar with x86 assembly."
The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler
The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler
"IDA Pro is the de facto reverse engineering tool.  A familiarity with this tool is necessary for even casual static binary security analysis.  An older version of IDA Pro is provided as freeware, so there is no excuse not to be familiar with it."
Reversing: Secrets of Reverse Engineering
Reversing: Secrets of Reverse Engineering
"Get a little more in-depth on reverse engineering."
Exploiting Software: How to Break Code
Exploiting Software: How to Break Code
"A good book covering a range of basic exploitation techniques."
The Shellcoder's Handbook: Discovering and Exploiting Security Holes
The Shellcoder's Handbook: Discovering and Exploiting Security Holes
"The Shellcoder's Handbook is perhaps the best book around on advanced exploitation techniques.  Your friends will be jealous if you can understand everything in it."
Rootkits: Subverting the Windows Kernel
Rootkits: Subverting the Windows Kernel
"This is the quintessential book on rootkits, with an awesome cover to boot.  This is one case where you can judge a book by its cover."