A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security

This book is really good for getting a feel for the mindset and process required for vulnerability hunting. He goes over fuzzing techniques, where to look for weak points in application code, and much more.However, the author is German and the laws in Germany are restrictive against redistributing "hacker code." This means the code samples in the book are usually incomplete, with everything but the exploit mechanism included. Personally for me this was a big drawback, as I find reading source code the best way to learn techniques like these.

Well its a good book, not excellent because has not steps to do things or present the same case on differents views like "case study" if the book show "how to do.. " like cook book it will be an excellent book but its 4 stars because the book is small and explain many concepts so you need to know previously C debugging, overflow, heap, etci think if the book detail more about how to exploit that things it will be excellent

This books offers an excellent introduction to the process of discovering and initiating fileless attacks on computer operating systems. It is a concise and well written book - highly recommended.

TL;DR: If you're interested in bug hunting, this is the book you want.I read this book after reading  TAOSSA  and was very impressed. TAOSSA methodically details everything that can go wrong in a program (see Chapter 6). A Bug Hunter's Diary is the perfect followup, showing you the thought process behind bug hunting. After you pick up this book, you'll want to start searching for your own bugs - and you'll likely find some too!

This is a good look at the thought process involved when looking for bugs in software. The book does not go into all the details, though. This makes it good when trying to teach the process. Other materials can be used to show detailed tool and techniques.

This is a very good book. But make sure you have great coding skills in order to take advantage of all that the book can offer. I'm not a coder myself, so I'll have to improve those skills, and get back an re-read this book.But all in all, it's an excelent book for security professionals/researchers and web application penetration testers.

Finding vulnerabilities in software is hard, and although there are a lot of sources for learning the theory of how to do it, this book actually walks you step by step through how the author found some in a variety of software. This is the only book of it's kind (at least as of 2013).

If you're technically-inclined, a security researcher, or just someone who is interested in computer security, chances are you'll love this book. It goes into detail about each vulnerability, in a unique format, explaining the technical details and just about everything you'd need to know. A geek's diary if there ever was one. Hard to put this one down. Recommended read!

Uses windows vista, doesn't include exploit code, doesn't explain the process leading to you looking in a particular file in the first place. You can follow along with the exploit, to an extent, but he doesn't tell you why/how you would identify a vulnerable file from several hundred files.

Great book, recommended for anyone interested in Infosec

Libro eccellente, molto ben fatto.Preciso nei passaggi e molto discorsivo, non è un libro da leggere a tempo perso, necessita di attenzione e concentrazione ma molto professionale.