Reddit Reddit reviews A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security

We found 8 Reddit comments about A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security. Here are the top ones, ranked by their Reddit score.

Computers & Technology
Books
Computer Science
Computer Systems Analysis & Design
A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security
Used Book in Good Condition
Check price on Amazon

8 Reddit comments about A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security:

u/joxeankoret · 4 pointsr/ReverseEngineering

"Source code fuzzers". Wow. Unless you're fuzzing a compiler/interpreter, it doesn't make any sense at all. Really, you should start by finding in Google about the subject.

In any case, I recommend you to read the book "The art of software security assessment" [1] and a Bug Hunter's Diary[2].

[1] http://www.amazon.com/The-Software-Security-Assessment-Vulnerabilities/dp/0321444426

[2] http://www.amazon.com/Bug-Hunters-Diary-Software-Security/dp/1593273851

u/epochwin · 3 pointsr/netsec

You can practice on open source projects. This is another book I liked:
http://www.amazon.com/Bug-Hunters-Diary-Software-Security/dp/1593273851/

A mix of black box testing, knowing what vulnerable code looks like and reverse engineering.

u/tunnelsup · 2 pointsr/netsec

I haven't done this myself yet but I'm pretty sure this is where something like Ida Pro comes in where you disassemble the program so it is now in assembly language. Then you can use your assembly language skills to step through some of the code. Like you may see variables stored in a weird ways or memory handled in a bad way.

A book that may get you started is: The Bug Hunters Diary

u/OrderZero · 2 pointsr/netsec

I've read a lot of these but I'm glad to see not all of them :) Adding to my reading list for sure.

Thanks!

EDIT: forgive me if these are already listed but just in case...

Bug Hunter's Diary - http://www.amazon.com/Bug-Hunters-Diary-Software-Security/dp/1593273851
Gives real hands on real-life experience in a "diary" format and covers some great bugs

Gray Hat Hacking - http://www.amazon.com/Hacking-Ethical-Hackers-Handbook-Edition/dp/0071742557
Despite a bad generic "ethical" title this book goes really in-depth on a lot of subjects (almost to the point of rambling actually) including fuzzing, client-side exploits (mostly browser-based), and much more.

Hacking Windows Exposed - http://www.amazon.com/Hacking-Exposed-Windows-Microsoft-Solutions/dp/007149426X
Another generic title but this book has small good parts scattered throughout, really written more for pentesters it has some very common red team methods but also has a few hidden gems hidden within the various subjects it tries to cover.

Also for anyone looking to get TAOSSA (The Art of Software Security Assessment) it's absolutely huge and WILL split down the middle while reading...it's sitting on my bookshelf right now in its ripped state but I've read it 4 times and still don't feel like all the material has sunken in, if you're going to buy any book at all it should be that one as it will provide countless hours/days/weeks/months of reading.

u/Zenofex · 2 pointsr/netsec

If we are going to talk about a good new netsec book, I recommend everyone check out "Tobias Klein's" - A Bug Hunter's Diary. You can get it at nostarch.com but I recommend saving the cash and getting it from amazon.com. I got my copy on Monday and its been a pretty good read so far.

u/alemcg · 1 pointr/netsec

So Tangled Web is a good book but it's not about exploitation in the sense it seems you're meaning. The Kernel Exploitation book is good but daunting if you don't have any exploit development experience. You may also consider A Bug Hunter's Diary by Tobias Klein

Grab a copy of the Intel IA-32 Assembly Reference http://www.intel.com/content/www/us/en/processors/architectures-software-developer-manuals.html. I wouldn't recommend reading through this as a how-to but having a local copy to reference various unfamiliar instructions would be helpful.

Phrack articles are pretty useful too. Exploit-DB and packetstorm will be useful for finding working exploits for legacy bugs you may be practicing on.

Whatever language you're writing your exploits in (Perl/Python/Ruby) you'll probably want a reference for that.

u/mauvehead · 1 pointr/netsecstudents


A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security https://www.amazon.com/dp/1593273851/ref=cm_sw_r_cp_apa_iWHXAb48X2078