Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying The Vulnerability Researcher's Handbook
  • Table Of Contents Toc
The Vulnerability Researcher's Handbook

The Vulnerability Researcher's Handbook

By : Benjamin Strout
5 (1)
Buy this Book
close
close
The Vulnerability Researcher's Handbook

The Vulnerability Researcher's Handbook

5 (1)
By: Benjamin Strout
Buy this Book

Overview of this book

Vulnerability researchers are in increasingly high demand as the number of security incidents related to crime continues to rise with the adoption and use of technology. To begin your journey of becoming a security researcher, you need more than just the technical skills to find vulnerabilities; you’ll need to learn how to adopt research strategies and navigate the complex and frustrating process of sharing your findings. This book provides an easy-to-follow approach that will help you understand the process of discovering, disclosing, and publishing your first zero-day vulnerability through a collection of examples and an in-depth review of the process. You’ll begin by learning the fundamentals of vulnerabilities, exploits, and what makes something a zero-day vulnerability. Then, you'll take a deep dive into the details of planning winning research strategies, navigating the complexities of vulnerability disclosure, and publishing your research with sometimes-less-than-receptive vendors. By the end of the book, you'll be well versed in how researchers discover, disclose, and publish vulnerabilities, navigate complex vendor relationships, receive credit for their work, and ultimately protect users from exploitation. With this knowledge, you’ll be prepared to conduct your own research and publish vulnerabilities.
Table of Contents (16 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Download the color images
Icon
Conventions used
Icon
Get in touch
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book
1
Part 1– Vulnerability Research Fundamentals
Icon
Part 1– Vulnerability Research Fundamentals
Lock Free Chapter
2
Chapter 1: An Introduction to Vulnerabilities
Icon
Chapter 1: An Introduction to Vulnerabilities
Icon
Introducing software vulnerabilities
Icon
Getting familiar with software vulnerability scanners
Icon
Exploring common types of software vulnerabilities
Icon
Inspecting the software vulnerability life cycle
Icon
Summary
Icon
Further reading
3
Chapter 2: Exploring Real-World Impacts of Zero-Days
Icon
Chapter 2: Exploring Real-World Impacts of Zero-Days
Icon
Zero-days – what are they?
Icon
Exploring zero-day case studies
Icon
Considering zero-day ethics
Icon
Summary
Icon
Further reading
4
Chapter 3: Vulnerability Research – Getting Started with Successful Strategies
Icon
Chapter 3: Vulnerability Research – Getting Started with Successful Strategies
Icon
Technical requirements
Icon
What is vulnerability research?
Icon
Selecting research targets
Icon
Exploring vulnerabilities with test cases
Icon
Introducing common research tools
Icon
Summary
Icon
Further reading
5
Part 2 – Vulnerability Disclosure, Publishing, and Reporting
Icon
Part 2 – Vulnerability Disclosure, Publishing, and Reporting
6
Chapter 4: Vulnerability Disclosure – Communicating Security Findings
chevron up
Icon
Chapter 4: Vulnerability Disclosure – Communicating Security Findings
Icon
Vulnerability disclosure – what and why
Icon
Initiating disclosure
Icon
Approaching common challenges
Icon
Summary
Icon
Further reading
7
Chapter 5: Vulnerability Publishing –Getting Your Work Published in Databases
Icon
Chapter 5: Vulnerability Publishing –Getting Your Work Published in Databases
Icon
Demystifying vulnerability publishing
Icon
Selecting the right vulnerability publishing method
Icon
Practical vulnerability publishing examples
Icon
Summary
Icon
Further reading
8
Chapter 6: Vulnerability Mediation – When Things Go Wrong and Who Can Help
Icon
Chapter 6: Vulnerability Mediation – When Things Go Wrong and Who Can Help
Icon
The basics of vulnerability mediation
Icon
Resolving disputes through vulnerability mediation
Icon
Mediator resources
Icon
Summary
9
Chapter 7: Independent Vulnerability Publishing
Icon
Chapter 7: Independent Vulnerability Publishing
Icon
Independent disclosures and their place in a vulnerability life cycle
Icon
The benefits of independent publishing
Icon
Risks of independent publishing
Icon
How to independently publish while avoiding risks
Icon
Summary
Icon
Additional reading
10
Part 3 – Case Studies, Researcher Resources, and Vendor Resources
Icon
Part 3 – Case Studies, Researcher Resources, and Vendor Resources
11
Chapter 8: Real-World Case Studies – Digging into Successful (and Unsuccessful) Research Reporting
Icon
Chapter 8: Real-World Case Studies – Digging into Successful (and Unsuccessful) Research Reporting
Icon
Case study 1 – are we there yet?
Icon
Case study 2 – contract clause
Icon
Case study 3 – tough customers
Icon
Case study 4 – large corporations and you
Icon
Case study 5 – I’d like to speak to your manager
Icon
Summary
12
Chapter 9: Working with Security Researchers – A Vendor’s Guide
Icon
Chapter 9: Working with Security Researchers – A Vendor’s Guide
Icon
What is a security researcher?
Icon
Harnessing researcher resources
Icon
Building trust and collaboration with researchers
Icon
Crafting a responsible disclosure policy
Icon
Summary
13
Chapter 10: Templates, Resources, and Final Guidance
Icon
Chapter 10: Templates, Resources, and Final Guidance
Icon
Research test case templates
Icon
Vendor communication email templates
Icon
CVE templates
Icon
Organizational templates
Icon
Summary and final words
Icon
Further reading
14
Index
Icon
Index
Icon
Why subscribe?
15
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Packt is searching for authors like you
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book

Vulnerability Disclosure – Communicating Security Findings

In 2008, Dan Kaminsky discovered a severe vulnerability in the Domain Name System (DNS) protocol. This vulnerability was particularly dangerous because it could be used to redirect traffic from entire domains, such as .com or .org. This could allow for man-in-the-middle attacks, site redirection, and several other scenarios. It was a serious vulnerability with wide-reaching impacts.

Kaminsky understood the threat and immediately alerted Microsoft, who worked with him and many other vendors in secret to patch the issue. Once the patch was ready, Kaminsky held a press conference where he and the vendors announced patches that impacted the technology. At the press conference, few details were provided outside of the need to patch vulnerable systems. However, Kaminsky shared that all would be revealed in a talk at the BlackHat conference in Las Vegas, Nevada a few weeks after the press conference.

Vulnerability researchers...

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
The Vulnerability Researcher's Handbook
End of Section 6
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon