Title | Content |
---|---|
Title | A Bug Hunter’s Diary |
Type | Movie |
Language | English |
Author | Tobias Klein |
Description |
Welcome to A Bug Hunter’s Diary. This book describes the life cycles of seven interesting, real-life software security vulnerabilities I found over the past several years. Each chapter focuses on one bug. I’ll explain how I found the bug, the steps I took to exploit it, and how the vendor eventually patched it.

The Goals of This Book

The primary goal of this book is to provide you with practical exposure to the world of bug hunting. After reading this book, you will have a better understanding of the approaches that bug hunters use to find security vulnerabilities, how they create proof-of-concept code to test the vulnerabilities, and how they can report vulnerabilities to the vendor. The secondary goal of this book is to tell the story behind each of these seven bugs. I think they deserve it.

Who Should Read the Book

This book is aimed at security researchers, security consultants, C/C++ programmers, penetration testers, and anyone else who wants to dive into the exciting world of bug hunting. To get the most out of the book, you should have a solid grasp of the C programming language and be familiar with x86 assembly. If you are new to vulnerability research, this book will help you to get acquainted with the different aspects of hunting, exploiting, and reporting software vulnerabilities. If you are an already-experienced bug hunter, this book will offer a new perspective on familiar challenges and will likely make you chuckle at times—or put a knowing smile on your face.

Disclaimer

The goal of this book is to teach readers how to identify, protect against, and mitigate software security vulnerabilities. Understanding the techniques used to find and exploit vulnerabilities is necessary to thoroughly grasp the underlying problems and appropriate mitigation techniques. Since 2007, it is no longer legal to create or distribute “hacking tools” in Germany, my home country. Such tools include simple port scanners as well as working exploits. Therefore, to comply with the law, no full working exploit code is provided in this book. The examples simply show the steps used to gain control of the execution flow (the instruction pointer or program counter control) of a vulnerable program. |
Views: | 1522 |
Publish time | 6 years ago, 2018-06-30 08:30:00 |