Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying The Vulnerability Researcher's Handbook
  • Table Of Contents Toc
The Vulnerability Researcher's Handbook

The Vulnerability Researcher's Handbook

By : Benjamin Strout
5 (1)
Buy this Book
close
close
The Vulnerability Researcher's Handbook

The Vulnerability Researcher's Handbook

5 (1)
By: Benjamin Strout
Buy this Book

Overview of this book

Vulnerability researchers are in increasingly high demand as the number of security incidents related to crime continues to rise with the adoption and use of technology. To begin your journey of becoming a security researcher, you need more than just the technical skills to find vulnerabilities; you’ll need to learn how to adopt research strategies and navigate the complex and frustrating process of sharing your findings. This book provides an easy-to-follow approach that will help you understand the process of discovering, disclosing, and publishing your first zero-day vulnerability through a collection of examples and an in-depth review of the process. You’ll begin by learning the fundamentals of vulnerabilities, exploits, and what makes something a zero-day vulnerability. Then, you'll take a deep dive into the details of planning winning research strategies, navigating the complexities of vulnerability disclosure, and publishing your research with sometimes-less-than-receptive vendors. By the end of the book, you'll be well versed in how researchers discover, disclose, and publish vulnerabilities, navigate complex vendor relationships, receive credit for their work, and ultimately protect users from exploitation. With this knowledge, you’ll be prepared to conduct your own research and publish vulnerabilities.
Table of Contents (16 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Download the color images
Icon
Conventions used
Icon
Get in touch
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book
1
Part 1– Vulnerability Research Fundamentals
Icon
Part 1– Vulnerability Research Fundamentals
Lock Free Chapter
2
Chapter 1: An Introduction to Vulnerabilities
Icon
Chapter 1: An Introduction to Vulnerabilities
Icon
Introducing software vulnerabilities
Icon
Getting familiar with software vulnerability scanners
Icon
Exploring common types of software vulnerabilities
Icon
Inspecting the software vulnerability life cycle
Icon
Summary
Icon
Further reading
3
Chapter 2: Exploring Real-World Impacts of Zero-Days
Icon
Chapter 2: Exploring Real-World Impacts of Zero-Days
Icon
Zero-days – what are they?
Icon
Exploring zero-day case studies
Icon
Considering zero-day ethics
Icon
Summary
Icon
Further reading
4
Chapter 3: Vulnerability Research – Getting Started with Successful Strategies
Icon
Chapter 3: Vulnerability Research – Getting Started with Successful Strategies
Icon
Technical requirements
Icon
What is vulnerability research?
Icon
Selecting research targets
Icon
Exploring vulnerabilities with test cases
Icon
Introducing common research tools
Icon
Summary
Icon
Further reading
5
Part 2 – Vulnerability Disclosure, Publishing, and Reporting
Icon
Part 2 – Vulnerability Disclosure, Publishing, and Reporting
6
Chapter 4: Vulnerability Disclosure – Communicating Security Findings
Icon
Chapter 4: Vulnerability Disclosure – Communicating Security Findings
Icon
Vulnerability disclosure – what and why
Icon
Initiating disclosure
Icon
Approaching common challenges
Icon
Summary
Icon
Further reading
7
Chapter 5: Vulnerability Publishing –Getting Your Work Published in Databases
Icon
Chapter 5: Vulnerability Publishing –Getting Your Work Published in Databases
Icon
Demystifying vulnerability publishing
Icon
Selecting the right vulnerability publishing method
Icon
Practical vulnerability publishing examples
Icon
Summary
Icon
Further reading
8
Chapter 6: Vulnerability Mediation – When Things Go Wrong and Who Can Help
chevron up
Icon
Chapter 6: Vulnerability Mediation – When Things Go Wrong and Who Can Help
Icon
The basics of vulnerability mediation
Icon
Resolving disputes through vulnerability mediation
Icon
Mediator resources
Icon
Summary
9
Chapter 7: Independent Vulnerability Publishing
Icon
Chapter 7: Independent Vulnerability Publishing
Icon
Independent disclosures and their place in a vulnerability life cycle
Icon
The benefits of independent publishing
Icon
Risks of independent publishing
Icon
How to independently publish while avoiding risks
Icon
Summary
Icon
Additional reading
10
Part 3 – Case Studies, Researcher Resources, and Vendor Resources
Icon
Part 3 – Case Studies, Researcher Resources, and Vendor Resources
11
Chapter 8: Real-World Case Studies – Digging into Successful (and Unsuccessful) Research Reporting
Icon
Chapter 8: Real-World Case Studies – Digging into Successful (and Unsuccessful) Research Reporting
Icon
Case study 1 – are we there yet?
Icon
Case study 2 – contract clause
Icon
Case study 3 – tough customers
Icon
Case study 4 – large corporations and you
Icon
Case study 5 – I’d like to speak to your manager
Icon
Summary
12
Chapter 9: Working with Security Researchers – A Vendor’s Guide
Icon
Chapter 9: Working with Security Researchers – A Vendor’s Guide
Icon
What is a security researcher?
Icon
Harnessing researcher resources
Icon
Building trust and collaboration with researchers
Icon
Crafting a responsible disclosure policy
Icon
Summary
13
Chapter 10: Templates, Resources, and Final Guidance
Icon
Chapter 10: Templates, Resources, and Final Guidance
Icon
Research test case templates
Icon
Vendor communication email templates
Icon
CVE templates
Icon
Organizational templates
Icon
Summary and final words
Icon
Further reading
14
Index
Icon
Index
Icon
Why subscribe?
15
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Packt is searching for authors like you
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book

Vulnerability Mediation – When Things Go Wrong and Who Can Help

In the summer of 2021, German researcher Lilith Wittmann found herself entangled in a criminal investigation after disclosing security findings. The ruling political party of Germany at the time, the Christian Democratic Union (CDU), was using mobile applications to collect public opinion information for an upcoming election. With her organization, the Chaos Computer Club (CCC), Wittmann responsibly disclosed the vulnerability to the CDU, the Federal Office of Information Security, and the Berlin Data Protection Commissioner. Wittmann claimed that the vulnerability was so simple it was difficult to even call it a hack. The vulnerability exposed data on half a million German citizens and thousands of election workers. After the disclosure, the CDU initiated a criminal investigation of Wittmann and began reporting to the media that they were victims of data theft and were working with police to bring justice for this...

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
The Vulnerability Researcher's Handbook
End of Section 8
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon