A Bug Hunter's Diary

Perhaps not the easiest of books to read but contains clear explanations of some ways in which security holes in software can be found and exploited.

My Rating: yesyesyesyesno





A read of this book may change your view of computer software forever. The real world security holes that it discusses were found in extremely popular software on a variety of different platforms and clearly represent only a few samples of such holes that are common across most software.

While a fairly advanced level of programming knowledge both with high level languages such as C++ and also with low level assembly language is required to be able to fully understand just exactly how everything described in the book works, it isn't necessary to have that in depth knowledge in order to gain some benefit. Since the purpose of each code change is described in detail in the book those without such an in depth programming knowledge can simply take the author's word for it that a given code change will have a particular result and will still be able to gain a greater understanding of just how vulnerable software can be. These are after all real vulnerabilities that the author found in common software that have since been patched. So as well as demonstrating some of the ways in which holes can be found and exploited the author also demonstrates how he has contributed to helping the owners of this software to patch some of the holes in their software and so make the software safer to use.

Perhaps the things that most stand out about software security from this book are first of all just how easily some security holes can be found by someone who has sufficient experience in "bug hunting" and second, just how small a code change is needed in many instances in order to fix these security holes.

In the front of the book the author describes the goals that he had in writing the book and the book definitely achieves those goals. One comment from the author particularly stood out as I read through the book "A brand-new MacBook: $1,149. An LED Cinema Display Monitor $899. Crashing a Mac OS X system with only 11 lines of code: priceless". As the actual code that he used had three blank lines in it and several of the other lines in his code would often be combined into one line by those using alternative formatting I'd have called that six lines of code or possibly even five lines of code rather than 11.

More Information from the Publisher


This article written by Stephen Chapman, Felgall Pty Ltd.

go to top

FaceBook Follow
Twitter Follow