Part 3: Vulnerability Discovery

Chapter 13: Establishing a Working Environment
Chapter 14: Fault Injection
Chapter 15: The Art of Fuzzing
Chapter 16: Source Code Auditing: Finding Vulnerabilities in C-Based Languages
Chapter 17: Instrumented Investigation: A Manual Approach
Chapter 18: Tracing for Vulnerabilities
Chapter 19: Binary Auditing: Hacking Closed Source Software

Part Overview

Now that you are an expert at hacking Linux, Windows, and Solaris, we will move into the section of the book dedicated to discovering vulnerabilities. We will cover the most popular methods used by hackers in the real world. First things first: you must set up a working environment, a platform from which to orchestrate vulnerability discovery. In Chapter 13, we will cover the tools and reference materials you will need for productive and efficient vulnerability discovery. Chapter 14 will introduce one of the more popular methods of automated vulnerability discovery: fault injection. A similar method of automated bug finding, fuzzing, is detailed in Chapter 15.

Other forms of vulnerability discovery are just as valid as fuzzing, so they are covered as well. Discovering vulnerabilities by auditing source code matters because more and more important applications come with source code; Chapter 16 describes this method of bug hunting when you have source code. Manual methods of vulnerability discovery have proven to be highly successful, so Chapter 17 will go over instrumented investigation, using tried-and-true techniques for finding security bugs manually. Chapter 18 covers vulnerability tracing, a method of tracing where input is copied through many different functions, modules, and libraries. Finally, auditing binaries in Chapter 19 rounds out this part, with a comprehensive tutorial on discovering vulnerabilities when you have only a binary to work with.



The Shellcoder's Handbook. Discovering and Exploiting Security