O’Reilly news

A Bug Hunter's Diary--New from No Starch Press: Unique Book Follows a Bug Hunter as He Tracks Down and Exploits Software Vulnerabilities

October 13, 2011

San Francisco, CA, October 13, 2011—In the high-stakes game of security research, a vulnerability in the wrong hands can be a nightmare. For a bug hunter, though, locating these vulnerabilities is all in a day's work. But bug hunting can be a black art—one that's difficult to learn without a mentor.

In A Bug Hunter's Diary (No Starch Press, November 2011, 208 pp., $39.95, ISBN 9781593273859), readers are offered the rare opportunity to observe a professional bug hunter in action. As they read the diary of security expert Tobias Klein, they're taken inside the bug hunting process, as if they're Klein's apprentice and he their mentor. Readers peer over Klein's shoulder as he explains how he tracks down and exploits bugs in software that's used daily by millions of people—like Apple's iOS, the VLC media player, web browsers, and even the Mac OS X kernel. Entries focus on real bugs, detailing the steps Klein takes to find and exploit them, as well as vendors' responses to his disclosing the bugs he finds.

According to No Starch Press Founder Bill Pollock, "used in this way, the diary format is a brilliant and groundbreaking approach to teaching. So much of the learning in the computer security field happens at the feet of masters, but so few have that privileged access. A Bug Hunter's Diary brings that access to anyone willing to take the time to dig into its compelling pages. And most important, the book teaches readers to think like a bug hunter."

Readers learn how to:

  • Use field-tested techniques to find bugs, such as identifying and tracing user input data and reverse engineering
  • Exploit vulnerabilities like NULL pointer dereferences, buffer overflows, and type conversion flaws
  • Develop proof-of-concept code to verify security flaws
  • Report bugs to vendors or third-party brokers

A Bug Hunter's Diary is already exciting the security community because it's the first book to take readers inside the bug hunting process. At last, aspiring bug hunters have that mentor they've been looking for, between the pages of Tobias Klein's A Bug Hunter's Diary.

For more information or to request a review copy of A Bug Hunter's Diary, contact Travis Peterson at No Starch Press (nostarchpr@oreilly.com, +1.415.863.9900, x108), or visit www.nostarch.com.

About the Author

Tobias Klein is a security researcher and founder of NESO Security Labs, an information security consulting and research company based in Heilbronn, Germany. He is the author of two information security books published in German by dpunkt.verlag of Heidelberg, Germany.

Additional Resources
Chapter 2: "Back to the 90s" (PDF)
Table of Contents
Detailed Table of Contents (PDF)
Index (PDF)
No Starch Press Catalog Page

A Bug Hunter's Diary
Publisher: No Starch Press
By Tobias Klein
ISBN 9781593273859, $39.95 USD
November 2011, 208 pp.

Available in fine bookstores everywhere, from http://www.oreilly.com/nostarch, or directly from No Starch Press (http://www.nostarch.com, orders@nostarch.com, 1-800-420-7240).

About No Starch Press
Founded in 1994, No Starch Press is one of the few remaining independent computer book publishers. We publish the finest in geek entertainment—unique books on technology, with a focus on open source, security, hacking, programming, alternative operating systems, LEGO, science, and math. Our titles have personality, our authors are passionate, and our books tackle topics that people care about. Visit http://www.nostarch.com for a complete catalog.

About O’Reilly

O’Reilly Media spreads the knowledge of innovators through its books, online services, magazines, and conferences. Since 1978, O’Reilly Media has been a chronicler and catalyst of cutting-edge development, homing in on the technology trends that really matter and spurring their adoption by amplifying “faint signals” from the alpha geeks who are creating the future. An active participant in the technology community, the company has a long history of advocacy, meme-making, and evangelism.
