A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security 1st Edition

by Tobias Klein (Author)

41 ratings

ISBN-13: 978-1593273859

ISBN-10: 1593273851

Why is ISBN important?

Share <Embed>

Other Sellers

from

Other Sellers

See all 2 versions

Used: Good | Details

Sold by The Colorado Page Exchange

Access codes and supplements are not guaranteed with used items.

FREE delivery May 31 - June 7. Details

Or fastest delivery May 27 - June 2. Details

Select delivery location

"This is one of the most interesting infosec books to come out in the last several years."
–Dino Dai Zovi, Information Security Professional

"Give a man an exploit and you make him a hacker for a day; teach a man to exploit bugs and you make him a hacker for a lifetime."
–Felix 'FX' Lindner

Seemingly simple bugs can have drastic consequences, allowing attackers to compromise systems, escalate local privileges, and otherwise wreak havoc on a system.

A Bug Hunter's Diary follows security expert Tobias Klein as he tracks down and exploits bugs in some of the world's most popular software, like Apple's iOS, the VLC media player, web browsers, and even the Mac OS X kernel. In this one-of-a-kind account, you'll see how the developers responsible for these flaws patched the bugs—or failed to respond at all. As you follow Klein on his journey, you'll gain deep technical knowledge and insight into how hackers approach difficult problems and experience the true joys (and frustrations) of bug hunting.

Along the way you'll learn how to:

Use field-tested techniques to find bugs, like identifying and tracing user input data and reverse engineering
Exploit vulnerabilities like NULL pointer dereferences, buffer overflows, and type conversion flaws
Develop proof of concept code that verifies the security flaw
Report bugs to vendors or third party brokers

A Bug Hunter's Diary is packed with real-world examples of vulnerable code and the custom programs used to find and test bugs. Whether you're hunting bugs for fun, for profit, or to make the world a safer place, you'll learn valuable new skills by looking over the shoulder of a professional bug hunter in action.

Dafydd Stuttard
792
Paperback
68 offers from $19.99
Peter Yaworski
160
Paperback
55 offers from $15.57
Jon Erickson
1,084
Paperback
93 offers from $9.45
Ben Clark
2,755
Paperback
34 offers from $4.45
Phillip L. Wylie
369
Paperback
56 offers from $14.06

Michael Sikorski
438
Paperback
54 offers from $13.77
Peter Yaworski
160
Paperback
55 offers from $15.57
Jon Erickson
1,084
Paperback
93 offers from $9.45
Manul Laphroaig
55
Hardcover
29 offers from $21.18
Chris Eagle
137
Paperback
42 offers from $18.47
Chris Anley
147
Paperback
33 offers from $24.00

Editorial Reviews

About the Author

Tobias Klein is a security researcher and founder of NESO Security Labs, an information security consulting and research company based in Heilbronn, Germany. As a vulnerability researcher, Tobias has identified and helped to fix numerous security vulnerabilities. He is the author of two other information security books published in German by dpunkt.verlag of Heidelberg, Germany.

Start reading A Bug Hunter's Diary on your Kindle in under a minute.

Don't have a Kindle? 在此取得您的 Kindle, or download a FREE Kindle Reading App.

Product details

Publisher ‏ : ‎ No Starch Press; 1st edition (November 14, 2011)
Language ‏ : ‎ English
Paperback ‏ : ‎ 208 pages
ISBN-10 ‏ : ‎ 1593273851
ISBN-13 ‏ : ‎ 978-1593273859
Item Weight ‏ : ‎ 12 ounces
Dimensions ‏ : ‎ 7 x 0.69 x 9.25 inches

Best Sellers Rank: #1,394,294 in Books (See Top 100 in Books)
- #74 in Computer Programming Debugging
- #683 in Computer Systems Analysis & Design (Books)
- #1,231 in Software Design & Engineering

Customer Reviews:
41 ratings

About the author

Follow authors to get new release updates, plus improved recommendations.

Tobias Klein

Brief content visible, double tap to read full content.

Full content visible, double tap to read brief content.

Discover more of the author’s books, see similar authors, read author blogs and more

Customer reviews

5 star		67%
4 star		27%
3 star 0% (0%)		0%
2 star 0% (0%)		0%
1 star		6%

How customer reviews and ratings work

Top reviews from the United States

There was a problem filtering reviews right now. Please try again later.

Julio

good but fail on explain how to do

Reviewed in the United States on October 11, 2014

Verified Purchase

Well its a good book, not excellent because has not steps to do things or present the same case on differents views like "case study" if the book show "how to do.. " like cook book it will be an excellent book but its 4 stars because the book is small and explain many concepts so you need to know previously C debugging, overflow, heap, etc

i think if the book detail more about how to exploit that things it will be excellent

One person found this helpful

Helpful

Zach Childers

Great stories, super useful for getting a feel for the job

Reviewed in the United States on December 31, 2016

Verified Purchase

This book is really good for getting a feel for the mindset and process required for vulnerability hunting. He goes over fuzzing techniques, where to look for weak points in application code, and much more.

However, the author is German and the laws in Germany are restrictive against redistributing "hacker code." This means the code samples in the book are usually incomplete, with everything but the exploit mechanism included. Personally for me this was a big drawback, as I find reading source code the best way to learn techniques like these.

4 people found this helpful

Helpful

Technophobe01

Fabulous

Reviewed in the United States on October 24, 2019

Verified Purchase

This books offers an excellent introduction to the process of discovering and initiating fileless attacks on computer operating systems. It is a concise and well written book - highly recommended.

Helpful

Moshe

Warning: Bug Hunting is Addicting.

Reviewed in the United States on March 11, 2013

Verified Purchase

TL;DR: If you're interested in bug hunting, this is the book you want.

I read this book after reading TAOSSA and was very impressed. TAOSSA methodically details everything that can go wrong in a program (see Chapter 6). A Bug Hunter's Diary is the perfect followup, showing you the thought process behind bug hunting. After you pick up this book, you'll want to start searching for your own bugs - and you'll likely find some too!

2 people found this helpful

Helpful

Primed

Very interesting and detailed

Reviewed in the United States on January 27, 2012

Verified Purchase

If you're technically-inclined, a security researcher, or just someone who is interested in computer security, chances are you'll love this book. It goes into detail about each vulnerability, in a unique format, explaining the technical details and just about everything you'd need to know. A geek's diary if there ever was one. Hard to put this one down. Recommended read!

Helpful

Scott Piper

How to find bugs

Reviewed in the United States on July 21, 2013

Verified Purchase

Finding vulnerabilities in software is hard, and although there are a lot of sources for learning the theory of how to do it, this book actually walks you step by step through how the author found some in a variety of software. This is the only book of it's kind (at least as of 2013).

Helpful

Amazon Customer

good book for teaching the thought process.

Reviewed in the United States on March 20, 2014

Verified Purchase

This is a good look at the thought process involved when looking for bugs in software. The book does not go into all the details, though. This makes it good when trying to teach the process. Other materials can be used to show detailed tool and techniques.

Helpful

E.M.

Great book, but require great coding skills to properly absorb it.

Reviewed in the United States on November 25, 2013

Verified Purchase

This is a very good book. But make sure you have great coding skills in order to take advantage of all that the book can offer. I'm not a coder myself, so I'll have to improve those skills, and get back an re-read this book.

But all in all, it's an excelent book for security professionals/researchers and web application penetration testers.

Helpful

Top reviews from other countries

Translate all reviews to English

Phil

Incomplete

Reviewed in the United Kingdom on September 1, 2017

Verified Purchase

Uses windows vista, doesn't include exploit code, doesn't explain the process leading to you looking in a particular file in the first place. You can follow along with the exploit, to an extent, but he doesn't tell you why/how you would identify a vulnerable file from several hundred files.

One person found this helpful

Pablo R

Fas delivery great book!

Reviewed in the United Kingdom on October 23, 2018

Verified Purchase

Great book, recommended for anyone interested in Infosec

Francesco Salvatore

Ben fatto!

Reviewed in Italy on January 18, 2017

Verified Purchase

Libro eccellente, molto ben fatto.
Preciso nei passaggi e molto discorsivo, non è un libro da leggere a tempo perso, necessita di attenzione e concentrazione ma molto professionale.

Translate review to English

See all reviews

A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security 1st Edition

Customers who viewed this item also viewed

Customers who bought this item also bought

Editorial Reviews

About the Author

Product details

About the author

Tobias Klein

Customer reviews

Top reviews from the United States

There was a problem filtering reviews right now. Please try again later.

Top reviews from other countries