EH-Net

Features => Book Reviews => Topic started by: don on December 28, 2011, 10:33:48 AM



Title: [Article]-Book Review: A Bug Hunter’s Diary
Post by: don on December 28, 2011, 10:33:48 AM
Here's the first of a few assignments for Tristan Lawson. Thanks for the hard work, especially during the holidays.

Permanent link: [Article]-Book Review: A Bug Hunter’s Diary (http://www.ethicalhacker.net/content/view/403/2/)

Quote


Review by Tristan Lawson, CISSP, MCSE: Security, GCIH, OSCP et al

So often as security professionals we hear how bug hunters, both black hat and white hat, find vulnerabilities and release them to the vendor or use them for monetary gain. We wonder how they actually went about finding these vulnerabilities and what hurdles they had to jump to find them. "A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security (http://nostarch.com/bughunter.htm)" by Tobias Klein focuses on helping different levels of security professionals understand the approaches used to uncover vulnerabilities, testing the vulnerabilities found and finally reporting on those vulnerabilities. It is short and to the point and offers nothing but valuable content with little to no fluff.

The book was written as though Tobias was writing in a journal as he was progressing through his research of a particular application. Each chapter is a separate journal entry focused on a single application into which he dug and eventually found a vulnerability. He then determined if it was exploitable and in turn released it to either the vendor or to a vulnerability broker. This is a fascinating look into the heart of a sector of the security economy not previously exposed to a wider audience.

After the break, look for a link to a free download of Chapter 2: "Back to the 90s"


Enjoy,
Don


Title: Re: [Article]-Book Review: A Bug Hunter’s Diary
Post by: the_Grinch on December 29, 2011, 02:32:37 AM
Great review, just purchased the book on my Kindle!


Title: Re: [Article]-Book Review: A Bug Hunter’s Diary
Post by: lorddicranius on December 29, 2011, 10:39:24 AM
I like the idea of it being written like a journal.  I've added this to my list of books to buy :)


Title: Re: [Article]-Book Review: A Bug Hunter’s Diary
Post by: Seen on December 31, 2011, 04:06:37 PM
Saw this at the library a few weeks ago, might have to check it out.  Of course I'm currently reading:

1. Web Application Hacker's Handbook v2
2. Hacking: Art of Exploitation
3. Programming Ruby
4. CCNA Library
5. Metasploit: Pen Tester's Guide

And once I finish the Art of Exploitation, I have the Shellcoder's handbook to go through.  I sure am glad I don't have a paying job and have time to read all this!


Title: Re: [Article]-Book Review: A Bug Hunter’s Diary
Post by: hayabusa on December 31, 2011, 05:16:07 PM
Not envious of lack of job, but envious of the free time you gain from said lack...


Title: Re: [Article]-Book Review: A Bug Hunter’s Diary
Post by: n3r on January 02, 2012, 02:38:12 AM
I have the book, but not read it yet.
You can download the source code, the videos and vulnerable software from the author's website here: http://www.trapkit.de/books/bhd/en.html#videos



Title: Re: [Article]-Book Review: A Bug Hunter’s Diary
Post by: Tseug on January 10, 2012, 11:09:36 PM
I haven't really checked this book out, but I noticed it on Nostarch's website when I was looking into Gray Hat Python....

I really like that these guys give you the ebook without charging anything extra when you buy the hard copy book from them...

They have the Metasploit book by Dave Kennedy too, but we already have that in the work "library"....so no need to buy it again....

You reviewers should put pressure on other publishers to adopt the same policy imo.. ;)