A Bug Hunter’s Diary

A Bug Hunter’s Diary is a concise (194 pages) cross between a diary and a textbook. We follow Tobias Klein as he discovers, exploits and fixes eight different bugs in popular pieces of open and closed source software. In this case, bugs refer to security critical bugs which would allow an attacker to compromise systems, escalate local privileges and otherwise wreak havoc on a system.

Many popular techniques such as identifying and tracing user input data, fuzzing and disassembly are demonstrated. Vulnerabilities like NULL pointer dereferences, buffer overflows and type conversions are found and explained; while the main body of the book focusses on the anatomy of particular software flaws, appendices provide tips and tricks for hunting out bugs, using popular debuggers and mitigating the faults.

Klein provides useful proof-of-concept code and explains how bugs occur with clear code listings, block diagrams and explanations. Recaps of what is going on are provided throughout the chapters; making a potential minefield of registers, acronyms and hexadecimal values easy to follow.

A Bug Hunter’s Diary isn’t going to train a novice up to the level of expert bug hunter, as it already expects a prerequisite knowledge of C, Assembly and memory management. However, plenty of references and suggested further reading is provided, allowing less experienced readers to improve their background knowledge along the way.

This book is well laid out, easy to understand and thoroughly interesting to those fascinated by finding security vulnerabilities, fixing bugs or simply writing better code.


Jonathan Hammler


External Links

Compsoc Wiki
Compsoc Library

Upcoming Events

There are no upcoming events planned. Check the CompSoc Wiki in case of emergency

RSS | iCal


No Starch Press
Durham Students Union

Random Poll

What is pi?

View results
Submit a new poll
All polls

This section exists to trap prefetching clients. Please just ignore it if you have css disabled and thus can see this. Do not click this link unless you want us to think you are a bot