A Bug Hunter's Diary

Praise

“While I am not a hard core C or assembly language programmer, I loved the book; I felt like I was watching over the author’s shoulder as he tracked down software bugs.”
—Tony Patton, TechRepublic 

“This is one of the most interesting infosec books to come out in the last several years.”
—Dino Dai Zovi, Information Security Professional 

“What [Tobias Klein] does do, and does very well, is draw a straight line from source or assembly to the beginning stages of a viable exploit. It is a very satisfying book to read and there are great bits of knowledge to be had.”
—Alex McGeorge, Immunity Inc. 

“I definitely recommend this book for anyone who is just starting out in this field and is interested to know exactly what the process of finding software vulnerabilities is like.”
—Chris Rohlf, Matasano Security, EM_386 

“The first hand accounts of real world vulnerability discovery offer great perspective for anyone seeking to move beyond the theory of vulnerability discovery and exploitation and into the practice of same.”
—Chris Eagle, Senior Lecturer of Computer Science at the Naval Postgraduate School

“An entertaining, even fascinating, spelunking through the wilds of low-level, slightly flawed code. Recommended.”
—Dr. Dobb’s Developer’s Reading List 

“Tobias Klein’s book offers something to those who have an interest in software security. And the fact that it is presented in such an approachable format makes it easy to dive into the life of a bug hunter.”
—The Ethical Hacker Network 

“Klein gives us a fascinating, technically detailed insight into how zero-day vulnerabilities are found. There’s a good argument that this book should be made required reading for all programmers.”
—Network Security Newsletter, January 2012

“What makes this book stand apart from others is the fact that it offers insight into the approaches, techniques and, more importantly, the way of thinking used by the author to find specific bugs in real-life software products.”
—Help Net Security 

“A quick, easy read that was also incredibly informative. It was a pleasure to read and gain the insight of a security researcher’s world. I highly recommend it to any IT professional.”
—404 Tech Support 

“A read of this book may change your view of computer software forever.”
—Stephen Chapman, Felgall.com 

“This book should be required reading for new software developers.”
—Steve Hannah: This Week 

“A Bug Hunter’s Diary is a great and focused glimpse into the world of vulnerability exploitation, and the approaches described will be of interest to a range of individuals.”
—Michael Larsen, TESTHEAD 

“If you’re tired of ordinary programming books, and looking for something a little different, this might be a good book to try. It’s got lots of code to read, lots of bugs to understand, and lots of tools and techniques on display.”
—Bryan Pendleton, Journal of a Programmer

“Tobias Klein is an excellent security researcher with experience in both closed and open source bug hunting as well as exploit development in many different architectures. I would definitely suggest this book to anyone interested in real world bug hunting and exploitation and not just vuln.c programs.”
—xorl.wordpress.com 

“A Bug Hunter’s Diary is fun to read in part because we tune in at the dramatic turns, if you will, of each story. What deductions Klein gleans from each turn follows logically from his preparation and his methods. What also seems to help is the muted pleasure he gets from his work.”
—Michael Ernest, JavaRanch 

“This book made me feel like I was sitting down with Mr. Klein personally, pouring over code, gleaning the nuggets of wisdom and information that come from his in-depth understanding of software design and debugging.”
—Digital Overdrive 

“An interesting read for the more serious programmer.”
—ACM SIGSOFT Software Engineering Notes

“The writing is engaging and to the point, but still contains a lot of technical detail.”
—Michael Kohl, citizen428.blog() 

“The book is great and a nice diversion from other technical books and can be recommended to security consultants, software engineers, and security researchers.”
—Michael Heinzl, aweSEC 

“I would especially recommend A Bug Hunter’s Diary as an excellent supplement of a security textbook to everyone making his first steps in the software security field.”
—Mateusz “j00ru” Jurczyk, Google Inc.

“A short and delightful read, I devoured A Bug Hunter’s Diary cover to cover in record time. Once I started reading, I would find it hard to put down.”
—The Linux Blog