Skip to:Bottom
|
Content
Cover image for A bug hunter's diary : a guided tour through the wilds of software security / Tobias Klein.
Title:
A bug hunter's diary : a guided tour through the wilds of software security / Tobias Klein.
ISBN:
9781593273859
Publication Information:
San Francisco : No Starch Press, ℗♭2011.
Physical Description:
x, 194 pages : illustrations ; 23 cm
Contents:
Bug hunting -- Back to the '90s -- Escape from the WWW zone -- NULL pointer FTW -- Browse and you're owned -- One kernel to rule them all -- A bug older than 4.4BSD -- The ringtone massacre.
Holds:
Copies:

Available:*

Copy
Library Branch
Call Number
Material Type
Home Location
Status
1 Bob Harkins Branch 005.8 KLE Book Adult General Collection
Searching...

On Order

Summary

Summary

"This is one of the most interesting infosec books to come out in the last several years."-Dino Dai Zovi, Information Security Professional

"Give a man an exploit and you make him a hacker for a day; teach a man to exploit bugs and you make him a hacker for a lifetime."-Felix 'FX' Lindner

Seemingly simple bugs can have drastic consequences, allowing attackers to compromise systems, escalate local privileges, and otherwise wreak havoc on a system.

A Bug Hunter's Diary follows security expert Tobias Klein as he tracks down and exploits bugs in some of the world's most popular software, like Apple's iOS, the VLC media player, web browsers, and even the Mac OS X kernel. In this one-of-a-kind account, you'll see how the developers responsible for these flaws patched the bugs-or failed to respond at all. As you follow Klein on his journey, you'll gain deep technical knowledge and insight into how hackers approach difficult problems and experience the true joys (and frustrations) of bug hunting.

Along the way you'll learn how to:

Use field-tested techniques to find bugs, like identifying and tracing user input data and reverse engineering Exploit vulnerabilities like NULL pointer dereferences, buffer overflows, and type conversion flaws Develop proof of concept code that verifies the security flaw Report bugs to vendors or third party brokers

A Bug Hunter's Diary is packed with real-world examples of vulnerable code and the custom programs used to find and test bugs. Whether you're hunting bugs for fun, for profit, or to make the world a safer place, you'll learn valuable new skills by looking over the shoulder of a professional bug hunter in action.


Author Notes

Tobias Klein is a security researcher and founder of NESQ Security Labs an information security consulting and research company. He is the author of two information security books published in the German language by dpunkt.verlag.


Table of Contents

Acknowledgmentsp. xi
Introductionp. 1
Chapter 1 Bug Huntingp. 3
Chapter 2 Back to the '90sp. 9
Chapter 3 Escape from the WWW Zonep. 25
Chapter 4 NULL Pointer FTWp. 51
Chapter 5 Browse and You're Ownedp. 71
Chapter 6 One Kernel to Rule Them Allp. 87
Chapter 7 A Bug Older Than 4.4BSDp. 113
Chapter 8 The Ringfone Massacrep. 133
Appendix A Hints for Huntingp. 149
Appendix B Debuggingp. 163
Appendix C Mitigationp. 179
Indexp. 191

Google Preview

Go to:Top of Page