The Vulnerability Researcher's Handbook

Book description

Learn the right way to discover, report, and publish security vulnerabilities to prevent exploitation of user systems and reap the rewards of receiving credit for your work

Key Features

  • Build successful strategies for planning and executing zero-day vulnerability research
  • Find the best ways to disclose vulnerabilities while avoiding vendor conflict
  • Learn to navigate the complicated CVE publishing process to receive credit for your research

Book Description

Vulnerability researchers are in increasingly high demand as the number of security incidents related to crime continues to rise with the adoption and use of technology. To begin your journey of becoming a security researcher, you need more than just the technical skills to find vulnerabilities; you'll need to learn how to adopt research strategies and navigate the complex and frustrating process of sharing your findings. This book provides an easy-to-follow approach that will help you understand the process of discovering, disclosing, and publishing your first zero-day vulnerability through a collection of examples and an in-depth review of the process.

You'll begin by learning the fundamentals of vulnerabilities, exploits, and what makes something a zero-day vulnerability. Then, you'll take a deep dive into the details of planning winning research strategies, navigating the complexities of vulnerability disclosure, and publishing your research with sometimes-less-than-receptive vendors.

By the end of the book, you'll be well versed in how researchers discover, disclose, and publish vulnerabilities, navigate complex vendor relationships, receive credit for their work, and ultimately protect users from exploitation. With this knowledge, you'll be prepared to conduct your own research and publish vulnerabilities.

What you will learn

  • Find out what zero-day vulnerabilities are and why it's so important to disclose and publish them
  • Learn how vulnerabilities get discovered and published to vulnerability scanning tools
  • Explore successful strategies for starting and executing vulnerability research
  • Discover ways to disclose zero-day vulnerabilities responsibly
  • Populate zero-day security findings into the CVE databases
  • Navigate and resolve conflicts with hostile vendors
  • Publish findings and receive professional credit for your work

Who this book is for

This book is for security analysts, researchers, penetration testers, software developers, IT engineers, and anyone who wants to learn how vulnerabilities are found and then disclosed to the public. You'll need intermediate knowledge of operating systems, software, and interconnected systems before you get started. No prior experience with zero-day vulnerabilities is needed, but some exposure to vulnerability scanners and penetration testing tools will help accelerate your journey to publishing your first vulnerability.

Table of contents

  1. The Vulnerability Researcher’s Handbook
  2. Contributors
  3. About the author
  4. About the reviewers
  5. Disclaimer
  6. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Download the color images
    5. Conventions used
    6. Get in touch
    7. Share Your Thoughts
    8. Download a free PDF copy of this book
  7. Part 1– Vulnerability Research Fundamentals
  8. Chapter 1: An Introduction to Vulnerabilities
    1. Introducing software vulnerabilities
      1. The CIA Triad
      2. Organizing impacts
    2. Getting familiar with software vulnerability scanners
      1. Common vulnerability scanning tools
    3. Exploring common types of software vulnerabilities
      1. Web applications
      2. Client-server applications
    4. Inspecting the software vulnerability life cycle
      1. Inception
      2. Discovery
      3. Exploitation and remediation
      4. Deprecation
    5. Summary
    6. Further reading
  9. Chapter 2: Exploring Real-World Impacts of Zero-Days
    1. Zero-days – what are they?
      1. Zero-day vulnerability
      2. Zero-day attack
      3. An analogy of zero-day terminology
    2. Exploring zero-day case studies
      1. Pulse – CVE-2019-11510
      2. Confluence – CVE-2021-26084
      3. Microsoft .NET CVE-2017-8759
      4. Citrix – CVE-2019-19781
    3. Considering zero-day ethics
      1. Researcher responsibility
      2. Vendor responsibility
    4. Summary
    5. Further reading
  10. Chapter 3: Vulnerability Research – Getting Started with Successful Strategies
    1. Technical requirements
    2. What is vulnerability research?
      1. Conducting research
    3. Selecting research targets
      1. Finding targets that interest you
      2. Likely vulnerable and downloadable software
    4. Exploring vulnerabilities with test cases
      1. Test cases – a primer
      2. Building effective test suites
      3. Writing your own test cases
    5. Introducing common research tools
      1. Note-taking, screenshot, and screen recording tools
      2. Hypervisors and virtual machines
      3. Web application proxies
      4. Debuggers and decompilers
    6. Summary
    7. Further reading
  11. Part 2 – Vulnerability Disclosure, Publishing, and Reporting
  12. Chapter 4: Vulnerability Disclosure – Communicating Security Findings
    1. Vulnerability disclosure – what and why
      1. What is vulnerability disclosure?
      2. Why is vulnerability disclosure important?
      3. Different types of disclosures
      4. Bug bounties and coordinated disclosure
    2. Initiating disclosure
      1. What happens after disclosure?
      2. Sample disclosure template
    3. Approaching common challenges
      1. Duplication of efforts
      2. Unresponsive vendors
      3. Uncooperative vendors
      4. Failed vendors
      5. Hostile vendors
    4. Summary
    5. Further reading
  13. Chapter 5: Vulnerability Publishing –Getting Your Work Published in Databases
    1. Demystifying vulnerability publishing
      1. Why publish vulnerabilities?
      2. What are some of the risks involved in vulnerability publishing?
    2. Selecting the right vulnerability publishing method
      1. CVE
      2. CVE CNA intermediates
      3. Ineligible application publication options
      4. Exploitation databases
    3. Practical vulnerability publishing examples
      1. A CNA-sponsored CVE
      2. A CNA-LR-sponsored CVE
      3. CNA intermediate sponsored CVE
    4. Summary
    5. Further reading
  14. Chapter 6: Vulnerability Mediation – When Things Go Wrong and Who Can Help
    1. The basics of vulnerability mediation
      1. What is vulnerability mediation?
      2. Types of mediators
      3. When to consider mediation services
      4. Benefits of vulnerability mediation
    2. Resolving disputes through vulnerability mediation
      1. The vulnerability mediation process
    3. Mediator resources
      1. The CERT/CC
      2. The US-CERT
      3. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)
      4. Other CERT organizations
      5. Bug bounty programs
      6. Legal support
      7. Other mediation options
    4. Summary
  15. Chapter 7: Independent Vulnerability Publishing
    1. Independent disclosures and their place in a vulnerability life cycle
    2. The benefits of independent publishing
    3. Risks of independent publishing
    4. How to independently publish while avoiding risks
      1. Avoiding the common risks in publishing
      2. How to independently publish a vulnerability
      3. A before-you-publish checklist
    5. Summary
    6. Additional reading
  16. Part 3 – Case Studies, Researcher Resources, and Vendor Resources
  17. Chapter 8: Real-World Case Studies – Digging into Successful (and Unsuccessful) Research Reporting
    1. Case study 1 – are we there yet?
      1. Lessons learned
      2. Possible improvements
    2. Case study 2 – contract clause
      1. Lessons learned
      2. Possible improvements
    3. Case study 3 – tough customers
      1. Lessons learned
      2. Possible improvements
    4. Case study 4 – large corporations and you
      1. Lessons learned
      2. Possible improvements
    5. Case study 5 – I’d like to speak to your manager
      1. Lessons learned
      2. Possible improvements
    6. Summary
  18. Chapter 9: Working with Security Researchers – A Vendor’s Guide
    1. What is a security researcher?
      1. The characteristics of a researcher
      2. The skillset of a researcher
      3. The motivations of a researcher
    2. Harnessing researcher resources
    3. Building trust and collaboration with researchers
      1. Avoiding common relationship missteps
      2. Building positive vendor-researcher relations
    4. Crafting a responsible disclosure policy
      1. An example policy – Acme Logistics’ responsible disclosure policy
    5. Summary
  19. Chapter 10: Templates, Resources, and Final Guidance
    1. Research test case templates
    2. Vendor communication email templates
      1. An introduction email for a company with no security disclosure policy
      2. Sample disclosure template with security policy
      3. Attempting to reinitialize communication
      4. Notification of pending publication with an unresponsive vendor
    3. CVE templates
      1. CVE reservation template
      2. CVE disclosure template
    4. Organizational templates
      1. Workspace
      2. Research to disclosure
    5. Summary and final words
    6. Further reading
  20. Index
    1. Why subscribe?
  21. Other Books You May Enjoy
    1. Packt is searching for authors like you
    2. Share Your Thoughts
    3. Download a free PDF copy of this book

Product information

  • Title: The Vulnerability Researcher's Handbook
  • Author(s): Benjamin Strout
  • Release date: February 2023
  • Publisher(s): Packt Publishing
  • ISBN: 9781803238876