Start reading A Bug Hunter's Diary on the free Kindle Reading App or on your Kindle in under a minute. Don't have a Kindle? Get your Kindle here.
Programming Books C Java PHP Python Learn more Browse Programming Books

Deliver to your Kindle or other device

Enter a promotion code
or gift card
 
 
 

Try it free

Sample the beginning of this book for free

Deliver to your Kindle or other device

Sorry, this item is not available in
Image not available for
Color:
Image not available

To view this video download Flash Player

 

A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security [Kindle Edition]

Tobias Klein
4.6 out of 5 stars  See all reviews (28 customer reviews)

Digital List Price: $31.95 What's this?
Print List Price: $39.95
Kindle Price: $17.25
You Save: $22.70 (57%)

Free Kindle Reading App Anybody can read Kindle books—even without a Kindle device—with the FREE Kindle app for smartphones, tablets and computers.

To get the free app, enter your email address or mobile phone number.

Formats

Amazon Price New from Used from
Kindle Edition $17.25  
Paperback $28.03  
Shop the new tech.book(store)
New! Introducing the tech.book(store), a hub for Software Developers and Architects, Networking Administrators, TPMs, and other technology professionals to find highly-rated and highly-relevant career resources. Shop books on programming and big data, or read this week's blog posts by authors and thought-leaders in the tech industry. > Shop now

Book Description

"This is one of the most interesting infosec books to come out in the last several years."
–Dino Dai Zovi, Information Security Professional


"Give a man an exploit and you make him a hacker for a day; teach a man to exploit bugs and you make him a hacker for a lifetime."
–Felix 'FX' Lindner


Seemingly simple bugs can have drastic consequences, allowing attackers to compromise systems, escalate local privileges, and otherwise wreak havoc on a system.


A Bug Hunter's Diary follows security expert Tobias Klein as he tracks down and exploits bugs in some of the world's most popular software, like Apple's iOS, the VLC media player, web browsers, and even the Mac OS X kernel. In this one-of-a-kind account, you'll see how the developers responsible for these flaws patched the bugs—or failed to respond at all. As you follow Klein on his journey, you'll gain deep technical knowledge and insight into how hackers approach difficult problems and experience the true joys (and frustrations) of bug hunting.


Along the way you'll learn how to:

  • Use field-tested techniques to find bugs, like identifying and tracing user input data and reverse engineering
  • Exploit vulnerabilities like NULL pointer dereferences, buffer overflows, and type conversion flaws
  • Develop proof of concept code that verifies the security flaw
  • Report bugs to vendors or third party brokers

A Bug Hunter's Diary is packed with real-world examples of vulnerable code and the custom programs used to find and test bugs. Whether you're hunting bugs for fun, for profit, or to make the world a safer place, you'll learn valuable new skills by looking over the shoulder of a professional bug hunter in action.



Editorial Reviews

About the Author

Tobias Klein is a security researcher and founder of NESO Security Labs, an information security consulting and research company based in Heilbronn, Germany. As a vulnerability researcher, Tobias has identified and helped to fix numerous security vulnerabilities. He is the author of two other information security books published in German by dpunkt.verlag of Heidelberg, Germany.


Product Details

  • File Size: 2415 KB
  • Print Length: 208 pages
  • Publisher: No Starch Press; 1 edition (November 4, 2011)
  • Sold by: Amazon Digital Services, Inc.
  • Language: English
  • ASIN: B00652XO2I
  • Text-to-Speech: Enabled
  • X-Ray:
  • Word Wise: Not Enabled
  • Lending: Not Enabled
  • Amazon Best Sellers Rank: #580,220 Paid in Kindle Store (See Top 100 Paid in Kindle Store)
  •  Would you like to give feedback on images?


Customer Reviews

Most Helpful Customer Reviews
14 of 14 people found the following review helpful
5.0 out of 5 stars To the point November 8, 2011
Format:Paperback
This was a great read; short and focused. While it did not have as much variety as other books, such as The Art Of Software Security Assessment, Bug Hunter's Diary had little or no fluff and was filled with valuable content.

In each chapter, the author did a great job walking through identifying the vulnerability, and explaining the thought process in a digestible, straightforward manner. The brief enumeration of possible disclosure routes was also worded well to concisely explain why a bug hunter might pursue each avenue. Lastly, it was good to see the author track the remediating patch and identify the resulting vulnerabilities.

Tobias Klein is very thorough and detailed in his discovery of vulnerabilities, but in a concise manner. He sticks right to the point and keeps on track for honing in on vulnerable code and triggering said code with the proper conditions and data.

It was also amusing to compare differences in the disclosure timelines from chapter to chapter. Independent, open source targets were patched much more quickly than their counterparts that were fostered by larger organizations. It is uncertain as to whether this was an intentional observation, but interesting none-the-less.

This is a short, fun read for anyone who is interested in vulnerability analysis and exploit development.
Comment | 
Was this review helpful to you?
8 of 8 people found the following review helpful
4.0 out of 5 stars Ask Felgall - Book Review November 29, 2011
Format:Paperback
A read of this book may change your view of computer software forever. The real world security holes that it discusses were found in extremely popular software on a variety of different platforms and clearly represent only a few samples of such holes that are common across most software.

While a fairly advanced level of programming knowledge both with high level languages such as C++ and also with low level assembly language is required to be able to fully understand just exactly how everything described in the book works, it isn't necessary to have that in depth knowledge in order to gain some benefit. Since the purpose of each code change is described in detail in the book those without such an in depth programming knowledge can simply take the author's word for it that a given code change will have a particular result and will still be able to gain a greater understanding of just how vulnerable software can be. These are after all real vulnerabilities that the author found in common software that have since been patched. So as well as demonstrating some of the ways in which holes can be found and exploited the author also demonstrates how he has contributed to helping the owners of this software to patch some of the holes in their software and so make the software safer to use.

Perhaps the things that most stand out about software security from this book are first of all just how easily some security holes can be found by someone who has sufficient experience in "bug hunting" and second, just how small a code change is needed in many instances in order to fix these security holes.

In the front of the book the author describes the goals that he had in writing the book and the book definitely achieves those goals.
Read more ›
Comment | 
Was this review helpful to you?
8 of 8 people found the following review helpful
5.0 out of 5 stars Exceptional November 17, 2011
Format:Paperback
There is a wealth of knowledge being passed in this easy to follow along book. Although some of the content (i.e. the source code), might seem cryptic at first, Tobias does an excellent job of going out of his way to making it understandable. In one instance, he was breaking down some assembly code and used pseudo c code to make it more understandable, and almost as if he could see my eyes still glazing over, he simplifies even further with pseudo code that was language-neutral (basically english), and then the light bulb went on. I was amazed at what I was learning. I also liked the fact that I did not have to concern myself or be distracted from the process because I did not understand some code, and that was huge. In addition, he has a lot of great visual diagrams, side notes, links to source code and the tools used, references for further study, basically the whole shebang. Simply put, Tobias made my first journey into the world of bug hunting an exciting one. I would highly recommend this to anyone who wants to better their programming skills, get into computer security research or just plain understand how software works this book will get you jump started and excited!
Comment | 
Was this review helpful to you?
3 of 3 people found the following review helpful
5.0 out of 5 stars Bug Hunting Showcased in most Spectacular Way December 22, 2011
Format:Paperback
Once upon a time there were bounty hunters running in the wild to nab those `Most Wanted' criminals and walk away with big bucks. Now we have bug hunters running wild in their computer world not only to put their name on wall of fame but also to reap those rich rewards.

Here in this latest book "Bug Hunter's Diary" we have similar story of another great and inspiring bug hunter, Tobias Klein.

This book gives valuable insights on different techniques of bug hunting and exploiting them successfully. Each of the chapters in this book conforms to the each of the vulnerability discovered by author and written in his own words and style.

Before you proceed to reading, it is good idea to get some basic knowledge on driver concepts including its life cycle, IRP, IOCTL and debugging. As three of eight chapters here deal with driver bugs, this prep will help you to feel at home later on.

If you are new to vulnerability research, I suggest you to start with Appendix A which refreshes concept of stack overflow with practical example, NULL pointer dereferences, type conversion, GOT exploitation techniques which are essential to understand main chapters. Appendix B describes debugging tools along with commands for Solaris(mdb), Linux (gdb), Windows (windbg) and shows how to setup VMware for Kernel Debugging. Final Appendix talks about exploit mitigation techniques such as ASLR, GS, NX, DEP and finishes with detailed description on RELRO for ELF (Linux).

Though fuzzing is most common method used for bug hunting these days, author has used it only in final chapter and rest of the bugs were based on manual & his ingenious approach, that's what separates men from boys.

In chap 2, author talks about the first victim, VLC media player.
Read more ›
Comment | 
Was this review helpful to you?
Most Recent Customer Reviews
4.0 out of 5 stars good but fail on explain how to do
Well its a good book, not excellent because has not steps to do things or present the same case on differents views like "case study" if the book show "how to do.. Read more
Published 2 months ago by Julio
4.0 out of 5 stars Fantastic Guide
Author Tobias Klein definitely makes good on his promise to guide us through the wilds of software security. Read more
Published 2 months ago by Nyck
4.0 out of 5 stars good book for teaching the thought process.
This is a good look at the thought process involved when looking for bugs in software. The book does not go into all the details, though. Read more
Published 9 months ago by Amazon Customer
5.0 out of 5 stars Great book, but require great coding skills to properly absorb it.
This is a very good book. But make sure you have great coding skills in order to take advantage of all that the book can offer. Read more
Published 13 months ago by E.M.
5.0 out of 5 stars How to find bugs
Finding vulnerabilities in software is hard, and although there are a lot of sources for learning the theory of how to do it, this book actually walks you step by step through how... Read more
Published 17 months ago by scribble
4.0 out of 5 stars short, yet informative
I found the organization of the book as a collection of bugs refreshing. Each chapter is self-contained, so it makes for a light read, but the content is high-quality, targets are... Read more
Published 21 months ago by reviewer39
5.0 out of 5 stars Warning: Bug Hunting is Addicting.
TL;DR: If you're interested in bug hunting, this is the book you want.

I read this book after reading TAOSSA and was very impressed. Read more
Published 21 months ago by moshe k
4.0 out of 5 stars Step through the mind of a bug hunter while stepping through...
In "A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security" by Tobias Klein; No Starch Press. Read more
Published on May 24, 2012 by Claudio J. Lacayo
4.0 out of 5 stars Shoulder-surfing with a professional bug hunter
A couple of months ago I got my hands on Tobias Klein's new book "A Bug Hunter's Diary" and have only recently managed to read through it and, I have to say, I liked it very... Read more
Published on March 15, 2012 by Gunter
5.0 out of 5 stars Great Source of Information!
As an InfoSec professional, I frequently hear about insecure systems and vulnerabilities that are found in software packages. Read more
Published on March 6, 2012 by George Romano
Search Customer Reviews
Search these reviews only

More About the Author

Discover books, learn about writers, read author blogs, and more.

What Other Items Do Customers Buy After Viewing This Item?


Forums

There are no discussions about this product yet.
Be the first to discuss this product with the community.
Start a new discussion
Topic:
First post:
Prompts for sign-in
 


Look for Similar Items by Category