Title: A Bug Hunter’s Diary. A Guided Tour Through the Wilds of Software Security.
Author: Tobias Klein
Published: November 2011
Websites: http://nostarch.com/bughunter.htm, http://www.trapkit.de/books/bhd/en.html
In the modern times of noisy news headlines like “A Security Researchers Unveils a Critical Vulnerability in Product X”, little is publicly said about the overall bug hunting process, in lieu of discussions regarding technical bug details, exploitation mitigations and their countermeasures. The taste of identifying a target, finding a vulnerability, creating proof-of-concept code and talking to the vendors was only known to those actively participating in the security scene – but only until Tobias Klein published his book called A Bug Hunter’s Diary. Mr. Klein, a German security researcher, decided to let the reader take a glimpse at how a bug hunter’s daily work looks and feels like; a subject as much interesting as underestimated in the common literature.
The book is divided into eight chapters and a brief Appendix. The Introduction outlines basic concepts, assumptions and tools used by the author and commonly referenced thorough the book. After that follow seven technical chapters, each discussing a vulnerability in a different product, found and responsibly disclosed by the author during the course three years (2008 – 2011). The diversity of software classes discussed in the book ranges from media decoders (VLC, FFmpeg) through web browsers (WebEx ActiveX control) up to kernels and device drivers (Solaris, Mac OSX, Apple iOS, Avast! driver). Thanks to the wide selection of presented hardware and software platforms and products, one can learn how all kinds of software can be subject to fundamentally trivial bugs, and how different vendors have completely different policies and response times in regard to external reports.
What I consider the biggest advantage of the book is the specific layout of the chapters. Each of them is arranged in the form of a story, beginning with an initial concept of how to approach a chosen target and ending with a patch release and advisory publication. This goes far beyond the typical scheme of limiting focus to technical aspects of software security only, and makes the book enjoyable for anyone interested in vulnerability discovery.
As a diary, I believe it is one of the best books I have read so far. Easy writing style, interesting bugs and illustrative pictures and code listings are the key points making it so successful. Bear in mind, though, that it should not be confused with a textbook – if you are looking for a complete overview of common vulnerability classes or information regarding exploitation mitigations such as DEP or ASLR, you’d rather refer to The Shellcoder’s Handbook or a similar volume. That said, I would especially recommend A Bug Hunter’s Diary as an excellent supplement of a security textbook to everyone making his first steps in the software security field. I definitely wish to see more books of this kind published in the future.