Automotive Deals HPCC Amazon Fashion Learn more Discover it $5 Albums Fire TV Stick Sun Care Handmade school supplies Shop-by-Room Amazon Cash Back Offer showtimemulti showtimemulti showtimemulti  Amazon Echo  Echo Dot  Amazon Tap  Echo Dot  Amazon Tap  Amazon Echo Starting at $49.99 All-New Kindle Oasis AutoRip in CDs & Vinyl Water Sports STEM

A Bug Hunter's Reading List

Dino A. Dai Zovi
The list author says: "So you want to hunt bugs, eh? Learning how to hunt bugs no longer requires reading every issue of phrack from the last decade, you can get started by reading a few good books and spending some quality reading time on your nearest couch or beach.

This list covers the basic skills of software testing, fuzzing, reverse engineering, source code and binary security analysis, and exploitation. And I threw in a book on rootkits, just for fun."
A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security
A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security
"This book's emphasis on the process of bug hunting makes it the ideal book to start with. If you get hooked on bug hunting from this book, then you should read the rest of the books on this list for more in-depth knowledge."
Hacking: The Art of Exploitation, 2nd Edition
Hacking: The Art of Exploitation, 2nd Edition
"This book does a great job of covering C programming, assembly programming, vulnerability discovery, and exploitation all in one.  This book makes a great follow-up to a Bug Hunter's Diary with more in-depth technical information."
The Art of Software Security Testing: Identifying Software Security Flaws
The Art of Software Security Testing: Identifying Software Security Flaws
"Shameless self-promotion.  This book is a lightweight book on software security testing and assessment.  It covers basic software security testing methodologies, web security testing proxies, fuzzing, and crash analysis."
The Mac Hacker's Handbook
The Mac Hacker's Handbook
"More shameless self-promotion.  Hacking modern Windows and Linux systems is hard work, hacking Macs is much more fun.  They are a good place to get started writing exploits because they don't have the level of exploit mitigations like address space layout randomization and non-executable memory and that other modern systems have."
Fuzzing: Brute Force Vulnerability Discovery
Fuzzing: Brute Force Vulnerability Discovery
"Fuzzing is the easiest way to shake out some low hanging security vulnerabilities.  This book covers fuzzing in depth and presents a number of different approaches and tools."
Fuzzing for Software Security Testing and Quality Assurance (Artech House Information Security and Privacy)
Fuzzing for Software Security Testing and Quality Assurance (Artech House Information Security and Privacy)
"This is the textbook on fuzzing from the future where this is actually taught in Software Engineering curricula."
The C Programming Language
The C Programming Language
"You'll need to know C."
Expert C Programming: Deep C Secrets
Expert C Programming: Deep C Secrets
"You'll need to know C well, this book takes you deeper than most C books and covers linking and loading, compilers, and other C subtleties."
The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities
The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities
"This is the Security Bug Bible.  Written by some of the best bug hunters in the business, this book describes software vulnerability classes in a number of programming languages and how to find them via manual source code analysis."
The Art of Assembly Language
The Art of Assembly Language
"You'll need to be familiar with x86 assembly."
The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler
The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler
"IDA Pro is the de facto reverse engineering tool.  A familiarity with this tool is necessary for even casual static binary security analysis.  An older version of IDA Pro is provided as freeware, so there is no excuse not to be familiar with it."
Reversing: Secrets of Reverse Engineering
Reversing: Secrets of Reverse Engineering
"Get a little more in-depth on reverse engineering."
Exploiting Software: How to Break Code
Exploiting Software: How to Break Code
"A good book covering a range of basic exploitation techniques."
The Shellcoder's Handbook: Discovering and Exploiting Security Holes
The Shellcoder's Handbook: Discovering and Exploiting Security Holes
"The Shellcoder's Handbook is perhaps the best book around on advanced exploitation techniques.  Your friends will be jealous if you can understand everything in it."
Rootkits: Subverting the Windows Kernel
Rootkits: Subverting the Windows Kernel
"This is the quintessential book on rootkits, with an awesome cover to boot.  This is one case where you can judge a book by its cover."