[Article]-Book Review: A Bug Hunter’s Diary

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Wed Dec 28, 2011 11:33 am

[Article]-Book Review: A Bug Hunter’s Diary

Here's the first of a few assignments for Tristan Lawson. Thanks for the hard work, especially during the holidays.

Permanent link: [Article]-Book Review: A Bug Hunter’s Diary




Review by Tristan Lawson, CISSP, MCSE: Security, GCIH, OSCP et al

So often as security professionals we hear how bug hunters, both black hat and white hat, find vulnerabilities and release them to the vendor or use them for monetary gain. We wonder how they actually went about finding these vulnerabilities and what hurdles they had to jump to find them. "A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security" by Tobias Klein focuses on helping different levels of security professionals understand the approaches used to uncover vulnerabilities, testing the vulnerabilities found and finally reporting on those vulnerabilities. It is short and to the point and offers nothing but valuable content with little to no fluff.

The book was written as though Tobias was writing in a journal as he was progressing through his research of a particular application. Each chapter is a separate journal entry focused on a single application into which he dug and eventually found a vulnerability. He then determined if it was exploitable and in turn released it to either the vendor or to a vulnerability broker. This is a fascinating look into the heart of a sector of the security economy not previously exposed to a wider audience.

After the break, look for a link to a free download of Chapter 2: "Back to the 90s"



Enjoy,
Don
CISSP, MCSE, CSTA, Security+ SME

the_Grinch

Newbie

Posts: 45

Joined: Tue Jan 13, 2009 4:24 pm

Post Thu Dec 29, 2011 3:32 am

Re: [Article]-Book Review: A Bug Hunter’s Diary

Great review, just purchased the book on my Kindle!
BS-CST Security+

Blog: http://havewire.blogspot.com/

lorddicranius

Sr. Member

Posts: 448

Joined: Thu Mar 03, 2011 3:54 am

Post Thu Dec 29, 2011 11:39 am

Re: [Article]-Book Review: A Bug Hunter’s Diary

I like the idea of it being written like a journal.  I've added this to my list of books to buy :)
GSEC, eCPPT, Sec+

Seen

Full Member

Posts: 137

Joined: Mon Aug 30, 2010 1:05 am

Post Sat Dec 31, 2011 5:06 pm

Re: [Article]-Book Review: A Bug Hunter’s Diary

Saw this at the library a few weeks ago, might have to check it out.  Of course I'm currently reading:

1. Web Application Hacker's Handbook v2
2. Hacking: Art of Exploitation
3. Programming Ruby
4. CCNA Library
5. Metasploit: Pen Tester's Guide

And once I finish the Art of Exploitation, I have the Shellcoder's handbook to go through.  I sure am glad I don't have a paying job and have time to read all this!
Sec+, eCPPT

hayabusa

Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Sat Dec 31, 2011 6:16 pm

Re: [Article]-Book Review: A Bug Hunter’s Diary

Not envious of lack of job, but envious of the free time you gain from said lack...
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP, GPEN, C|EH

n3r

Jr. Member

Posts: 95

Joined: Wed Sep 28, 2011 1:06 am

Location: paris

Post Mon Jan 02, 2012 3:38 am

Re: [Article]-Book Review: A Bug Hunter’s Diary

I have the book, but not read it yet.
You can download the source code, the videos and vulnerable software from the author's website here: http://www.trapkit.de/books/bhd/en.html#videos

Tseug

Newbie

Posts: 2

Joined: Tue Jan 10, 2012 11:49 pm

Post Wed Jan 11, 2012 12:09 am

Re: [Article]-Book Review: A Bug Hunter’s Diary

I haven't really checked this book out, but I noticed it on Nostarch's website when I was looking into Gray Hat Python....

I really like that these guys give you the ebook without charging anything extra when you buy the hard copy book from them...

They have the Metasploit book by Dave Kennedy too, but we already have that in the work "library"....so no need to buy it again....

You reviewers should put pressure on other publishers to adopt the same policy imo.. ;)
