Publisher: No Starch Press
Subtitle: A Guided Tour Through the Wilds of Software Security
Publication date: 2011-11-11
Pages: 208
Price: USD 39.95
Binding: Paperback
ISBN: 9781593273859
Synopsis
"Give a man an exploit and you make him a hacker for a day; teach a man to exploit bugs and you make him a hacker for a lifetime." - Felix 'FX' Lindner

Seemingly simple bugs can have drastic consequences, allowing attackers to compromise systems, escalate local privileges, and otherwise wreak havoc on a system. A Bug Hunter's Diary follows security expert Tobias Klein as he tracks down and exploits bugs in some of the world's most popular software, like Apple's iOS, the VLC media player, web browsers, and even the Mac OS X kernel. In this one-of-a-kind account, you'll see how the developers responsible for these flaws patched the bugs - or failed to respond at all. As you follow Klein on his journey, you'll gain deep technical knowledge and insight into how hackers approach difficult problems and experience the true joys (and frustrations) of bug hunting.

Along the way you'll learn how to:

* Use field-tested techniques to find bugs, like identifying and tracing user input data and reverse engineering
* Exploit vulnerabilities like NULL pointer dereferences, buffer overflows, and type conversion flaws
* Develop proof of concept code that verifies the security flaw
* Report bugs to vendors or third party brokers

A Bug Hunter's Diary is packed with real-world examples of vulnerable code and the custom programs used to find and test bugs. Whether you're hunting bugs for fun, for profit, or to make the world a safer place, you'll learn valuable new skills by looking over the shoulder of a professional bug hunter in action.
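About the author
Tobias Klein is the founder of NESO Security Labs, a well-known German information security consulting and research company, and a senior software security researcher. Over his career he has discovered countless software security vulnerabilities, including many in products from Apple, Microsoft and other companies. Besides this book, he has published two German-language works on information security.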
Other editions of this book (2 in total)
- Posts & Telecom Press (人民邮电出版社) (2012), rated 8.8, read by 88 people
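1 helpful Tony Bai 2011-11-29 21:43:57
I read the first two chapters and the appendix at the end closely. Finding bugs is like police work on a case: 100 cases may call for 100 different approaches and methods, so it is still best to get in there and debug for yourself, meeting every change with the same steady footing. Just reading someone else's diary, I suspect you still won't grasp the real essence.
0 helpful look 2014-03-18 01:43:23
It goes from simple to deep and reads like a story. So good!
0 helpful Josherich 2012-06-24 19:36:41
The author is a little long-winded, but he explains things really clearly; even a beginner can follow it.
0 helpful 思寇特牌搬砖工 2012-07-06 09:52:15
The process of digging out eight defects is more gripping than a detective novel, and full of wit.
0 helpful yan97ao 2012-11-12 20:35:32
Even the greatest experience or idea becomes tedious when it is repeated too many times.
0 helpful 李清照 2022-06-14 00:18:55
Vulnerability discovery, debugging and exploitation on the three major platforms, covering both applications and the kernel, plus early fuzzing. The author is incredibly versatile, and well ahead of his time!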
0 helpful shengying 2013-07-05 23:29:30
It mainly covers Memory Error, while what I care more about is Web-specific Vulnerabilities; the descriptions of the key techniques are worth learning from.