A Bug Hunter’s Diary

A Bug Hunter’s Diary is a concise (194 pages) cross between a diary and a textbook. We follow Tobias Klein as he discovers, exploits and fixes eight different bugs in popular pieces of open- and closed-source software. Here, "bugs" means security-critical bugs that would allow an attacker to compromise systems, escalate local privileges and otherwise wreak havoc on a system.

Many popular techniques, such as identifying and tracing user input data, fuzzing and disassembly, are demonstrated. Vulnerabilities like NULL pointer dereferences, buffer overflows and type conversions are found and explained. While the main body of the book focusses on the anatomy of particular software flaws, appendices provide tips and tricks for hunting out bugs, using popular debuggers and mitigating the faults.

Klein provides useful proof-of-concept code and explains how bugs occur with clear code listings, block diagrams and explanations. Recaps of what is going on are provided throughout the chapters, making a potential minefield of registers, acronyms and hexadecimal values easy to follow.

A Bug Hunter’s Diary isn’t going to train a novice up to the level of expert bug hunter, as it expects prior knowledge of C, assembly and memory management. However, plenty of references and suggestions for further reading are provided, allowing less experienced readers to improve their background knowledge along the way.

This book is well laid out, easy to understand and thoroughly interesting to those fascinated by finding security vulnerabilities, fixing bugs or simply writing better code.


Jonathan Hammler


