The Vulnerability Researcher's Handbook A Comprehensive Guide to Discovering, Reporting, and Publishing Security Vulnerabilities /

Learn the right way to discover, report, and publish security vulnerabilities to prevent exploitation of user systems and reap the rewards of receiving credit for your work Key Features Build successful strategies for planning and executing zero-day vulnerability research Find the best ways to discl...

Descripción completa

Detalles Bibliográficos
Clasificación:Libro Electrónico
Autor principal: Strout, Benjamin (Autor)
Formato: Electrónico eBook
Idioma:Inglés
Publicado: Birmingham : Packt Publishing, Limited, 2023.
Edición:1st edition.
Temas:
Business enterprises > Computer networks > Security measures.
Management information systems > Security measures.
Systèmes d'information de gestion > Sécurité > Mesures.
Business enterprises > Computer networks > Security measures
Electronic books.
Acceso en línea:Texto completo (Requiere registro previo con correo institucional)
Tabla de Contenidos:
  • Cover
  • Title Page
  • Copyright and Credits
  • Dedication
  • Contributors
  • Disclaimer
  • Table of Contents
  • Preface
  • Part 1- Vulnerability Research Fundamentals
  • Chapter 1: An Introduction to Vulnerabilities
  • Introducing software vulnerabilities
  • The CIA Triad
  • Organizing impacts
  • Getting familiar with software vulnerability scanners
  • Common vulnerability scanning tools
  • Exploring common types of software vulnerabilities
  • Web applications
  • Client-server applications
  • Inspecting the software vulnerability life cycle
  • Inception
  • Discovery
  • Exploitation and remediation
  • Deprecation
  • Summary
  • Further reading
  • Chapter 2: Exploring Real-World Impacts of Zero-Days
  • Zero-days
  • what are they?
  • Zero-day vulnerability
  • Zero-day attack
  • An analogy of zero-day terminology
  • Exploring zero-day case studies
  • Pulse
  • CVE-2019-11510
  • Confluence
  • CVE-2021-26084
  • Microsoft .NET CVE-2017-8759
  • Citrix
  • CVE-2019-19781
  • Considering zero-day ethics
  • Researcher responsibility
  • Vendor responsibility
  • Summary
  • Further reading
  • Chapter 3: Vulnerability Research
  • Getting Started with Successful Strategies
  • Technical requirements
  • What is vulnerability research?
  • Conducting research
  • Selecting research targets
  • Finding targets that interest you
  • Likely vulnerable and downloadable software
  • Exploring vulnerabilities with test cases
  • Test cases
  • a primer
  • Building effective test suites
  • Writing your own test cases
  • Introducing common research tools
  • Note-taking, screenshot, and screen recording tools
  • Hypervisors and virtual machines
  • Web application proxies
  • Debuggers and decompilers
  • Summary
  • Further reading
  • Part 2
  • Vulnerability Disclosure, Publishing, and Reporting
  • Chapter 4: Vulnerability Disclosure
  • Communicating Security Findings
  • Vulnerability disclosure
  • what and why
  • What is vulnerability disclosure?
  • Why is vulnerability disclosure important?
  • Different types of disclosures
  • Bug bounties and coordinated disclosure
  • Initiating disclosure
  • What happens after disclosure?
  • Sample disclosure template
  • Approaching common challenges
  • Duplication of efforts
  • Unresponsive vendors
  • Uncooperative vendors
  • Failed vendors
  • Hostile vendors
  • Summary
  • Further reading
  • Chapter 5: Vulnerability Publishing -Getting Your Work Published in Databases
  • Demystifying vulnerability publishing
  • Why publish vulnerabilities?
  • What are some of the risks involved in vulnerability publishing?
  • Selecting the right vulnerability publishing method
  • CVE
  • CVE CNA intermediates
  • Ineligible application publication options
  • Exploitation databases
  • Practical vulnerability publishing examples
  • A CNA-sponsored CVE
  • A CNA-LR-sponsored CVE
  • CNA intermediate sponsored CVE
  • Summary
  • Further reading
  • Chapter 6: Vulnerability Mediation
  • When Things Go Wrong and Who Can Help

Ejemplares similares