A Bug Hunter's Diary

A Guided Tour Through the Wilds of Software Security

Author: Tobias Klein

Publisher: No Starch Press

ISBN: 1593274157

Category: Computers

Page: 200

View: 1385

DOWNLOAD NOW »

Seemingly simple bugs can have drastic consequences, allowing attackers to compromise systems, escalate local privileges, and otherwise wreak havoc on a system. A Bug Hunter's Diary follows security expert Tobias Klein as he tracks down and exploits bugs in some of the world's most popular software, like Apple's iOS, the VLC media player, web browsers, and even the Mac OS X kernel. In this one-of-a-kind account, you'll see how the developers responsible for these flaws patched the bugs—or failed to respond at all. As you follow Klein on his journey, you'll gain deep technical knowledge and insight into how hackers approach difficult problems and experience the true joys (and frustrations) of bug hunting. Along the way you'll learn how to: –Use field-tested techniques to find bugs, like identifying and tracing user input data and reverse engineering –Exploit vulnerabilities like NULL pointer dereferences, buffer overflows, and type conversion flaws –Develop proof of concept code that verifies the security flaw –Report bugs to vendors or third party brokers A Bug Hunter's Diary is packed with real-world examples of vulnerable code and the custom programs used to find and test bugs. Whether you're hunting bugs for fun, for profit, or to make the world a safer place, you'll learn valuable new skills by looking over the shoulder of a professional bug hunter in action.
Release

ICT Systems Security and Privacy Protection

32nd IFIP TC 11 International Conference, SEC 2017, Rome, Italy, May 29-31, 2017, Proceedings

Author: Sabrina De Capitani di Vimercati,Fabio Martinelli

Publisher: Springer

ISBN: 3319584693

Category: Computers

Page: 586

View: 7346

DOWNLOAD NOW »

This book constitutes the refereed proceedings of the 32nd IFIP TC 11 International Conference on ICT Systems Security and Privacy Protection, SEC 2017, held in Rome, Italy, in May 2017. The 38 revised full papers presented were carefully reviewed and selected from 199 submissions. The papers are organized in the following topical sections: network security and cyber attacks; security and privacy in social applications and cyber attacks defense; private queries and aggregations; operating systems and firmware security; user authentication and policies; applied cryptography and voting schemes; software security and privacy; privacy; and digital signature, risk management, and code reuse attacks.
Release

Real-World Bug Hunting

A Field Guide to Web Hacking

Author: Peter Yaworski

Publisher: No Starch Press

ISBN: 1593278624

Category: Computers

Page: 264

View: 1496

DOWNLOAD NOW »

Uses real-world bug reports (vulnerabilities in software or in this case web applications) to teach programmers and InfoSec professionals how to discover and protect vulnerabilities in web applications. Real-World Bug Hunting is a field guide to finding software bugs. Ethical hacker Peter Yaworski breaks down common types of bugs, then contextualizes them with real bug bounty reports released by hackers on companies like Twitter, Facebook, Google, Uber, and Starbucks. As you read each report, you'll gain deeper insight into how the vulnerabilities work and how you might find similar ones. Each chapter begins with an explanation of a vulnerability type, then moves into a series of real bug bounty reports that show how the bugs were found. You'll learn things like how Cross-Site Request Forgery tricks users into unknowingly submitting information to websites they are logged into; how to pass along unsafe JavaScript to execute Cross-Site Scripting; how to access another user's data via Insecure Direct Object References; how to trick websites into disclosing information with Server Side Request Forgeries; and how bugs in application logic can lead to pretty serious vulnerabilities. Yaworski also shares advice on how to write effective vulnerability reports and develop relationships with bug bounty programs, as well as recommends hacking tools that can make the job a little easier.
Release

Smart TV Security

Media Playback and Digital Video Broadcast

Author: Benjamin Michéle

Publisher: Springer

ISBN: 3319209949

Category: Computers

Page: 92

View: 3544

DOWNLOAD NOW »

This book discusses the emerging topic of Smart TV security, including its implications on consumer privacy. The author presents chapters on the architecture and functionality of Smart TVs, various attacks and defenses, and associated risks for consumers. This includes the latest attacks on broadcast-related digital services and built-in media playback, as well as access to integrated cameras and microphones. This book is a useful resource for professionals, researchers and students engaged with the field of Smart TV security.
Release