Great Lakes Geek Book Review

Real-World Bug Hunting
A Field Guide to Web Hacking
by Peter Yaworski

The word "hacker" has had a roller coaster of meanings placed on it, ranging from someone who gets into the nuts and bolts of something and tweaks it to make it different and better, to someone who breaks into other people's systems for malicious purposes. So the term "ethical hacker" has evolved to make sure there is no confusion about the hacker's intentions. "Bug bounties" are rewards for ethically discovering and reporting vulnerabilities to website owners.

While the author says you don't have to read the book in order (you can jump to a particular vulnerability of interest), if you are a newbie or otherwise inexperienced you will want to start with Chapter 1. This chapter gives the basics of things like packets, clients, servers, HTTP, and what exactly happens when you visit a website.

Various vulnerabilities each have a chapter dedicated to them, such as Open Redirects, Cross-Site Scripting, and so on. They are covered in detail, down to the date each bug was reported and the amount the hacker earned. It's a lot of information, and this is where the author's earlier advice to choose a section of interest comes in.

As an old-timer, I went to the Memory Vulnerabilities section. With C and C++, for example, the programmer is responsible for memory management. More modern languages like Ruby, Python, and Java handle memory management for you.

After covering over a dozen vulnerabilities in great detail, the author guides you through a basic approach to begin hacking an application, writing up a report, and maybe even collecting a bug bounty.

The Appendix lists lots of tools and recommended resources to advance your hacking even more.

Honestly, much of the vulnerability content was beyond my interest and ability. But if this is your area of interest, Real-World Bug Hunting: A Field Guide to Web Hacking is a thorough and excellent resource.

I'm glad No Starch Press keeps cranking these out.

Great Lakes Geek Rating: 4 out of 5 pocket protectors.

Reviewed by Entreprenerd Dan Hanson, the Great Lakes Geek



Copyright 2005-2019 Magnum Computers Inc.