Download the book The Vulnerability Researcher’s Handbook. A comprehensive guide to discovering, reporting, and publishing security vulnerabilities

Book details

Edition:
Authors:
Series:
ISBN: 9781803238876
Publisher:
Year of publication: 2023
Number of pages: 260
Language: English
File format: PDF (converted to PDF, EPUB or AZW3 on user request)
File size: 8 Mb

Book price (Toman): 35,000





Note that The Vulnerability Researcher’s Handbook. A comprehensive guide to discovering, reporting, and publishing security vulnerabilities is the original-language edition and has not been translated into Persian. The International Library website offers original-language books and does not offer any books translated into or written in Persian.





Table of contents

Cover
Title Page
Copyright and Credits
Dedication
Contributors
Disclaimer
Table of Contents
Preface
Part 1 – Vulnerability Research Fundamentals
Chapter 1: An Introduction to Vulnerabilities
	Introducing software vulnerabilities
		The CIA Triad
		Organizing impacts
	Getting familiar with software vulnerability scanners
		Common vulnerability scanning tools
	Exploring common types of software vulnerabilities
		Web applications
		Client-server applications
	Inspecting the software vulnerability life cycle
		Inception
		Discovery
		Exploitation and remediation
		Deprecation
	Summary
	Further reading
Chapter 2: Exploring Real-World Impacts of Zero-Days
	Zero-days – what are they?
		Zero-day vulnerability
		Zero-day attack
		An analogy of zero-day terminology
	Exploring zero-day case studies
		Pulse – CVE-2019-11510
		Confluence – CVE-2021-26084
		Microsoft .NET CVE-2017-8759
		Citrix – CVE-2019-19781
	Considering zero-day ethics
		Researcher responsibility
		Vendor responsibility
	Summary
	Further reading
Chapter 3: Vulnerability Research – Getting Started with Successful Strategies
	Technical requirements
	What is vulnerability research?
		Conducting research
	Selecting research targets
		Finding targets that interest you
		Likely vulnerable and downloadable software
	Exploring vulnerabilities with test cases
		Test cases – a primer
		Building effective test suites
		Writing your own test cases
	Introducing common research tools
		Note-taking, screenshot, and screen recording tools
		Hypervisors and virtual machines
		Web application proxies
		Debuggers and decompilers
	Summary
	Further reading
Part 2 – Vulnerability Disclosure, Publishing, and Reporting
Chapter 4: Vulnerability Disclosure – Communicating Security Findings
	Vulnerability disclosure – what and why
		What is vulnerability disclosure?
		Why is vulnerability disclosure important?
		Different types of disclosures
		Bug bounties and coordinated disclosure
	Initiating disclosure
		What happens after disclosure?
		Sample disclosure template
	Approaching common challenges
		Duplication of efforts
		Unresponsive vendors
		Uncooperative vendors
		Failed vendors
		Hostile vendors
	Summary
	Further reading
Chapter 5: Vulnerability Publishing – Getting Your Work Published in Databases
	Demystifying vulnerability publishing
		Why publish vulnerabilities?
		What are some of the risks involved in vulnerability publishing?
	Selecting the right vulnerability publishing method
		CVE
		CVE CNA intermediates
		Ineligible application publication options
		Exploitation databases
	Practical vulnerability publishing examples
		A CNA-sponsored CVE
		A CNA-LR-sponsored CVE
		CNA intermediate sponsored CVE
	Summary
	Further reading
Chapter 6: Vulnerability Mediation – When Things Go Wrong and Who Can Help
	The basics of vulnerability mediation
		What is vulnerability mediation?
		Types of mediators
		When to consider mediation services
		Benefits of vulnerability mediation
	Resolving disputes through vulnerability mediation
		The vulnerability mediation process
	Mediator resources
		The CERT/CC
		The US-CERT
		The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)
		Other CERT organizations
		Bug bounty programs
		Legal support
		Other mediation options
	Summary
Chapter 7: Independent Vulnerability Publishing
	Independent disclosures and their place in a vulnerability life cycle
	The benefits of independent publishing
	Risks of independent publishing
	How to independently publish while avoiding risks
		Avoiding the common risks in publishing
		How to independently publish a vulnerability
		A before-you-publish checklist
	Summary
	Additional reading
Part 3 – Case Studies, Researcher Resources, and Vendor Resources
Chapter 8: Real-World Case Studies – Digging into Successful (and Unsuccessful) Research Reporting
	Case study 1 – are we there yet?
		Lessons learned
		Possible improvements
	Case study 2 – contract clause
		Lessons learned
		Possible improvements
	Case study 3 – tough customers
		Lessons learned
		Possible improvements
	Case study 4 – large corporations and you
		Lessons learned
		Possible improvements
	Case study 5 – I’d like to speak to your manager
		Lessons learned
		Possible improvements
	Summary
Chapter 9: Working with Security Researchers – A Vendor’s Guide
	What is a security researcher?
		The characteristics of a researcher
		The skillset of a researcher
		The motivations of a researcher
	Harnessing researcher resources
	Building trust and collaboration with researchers
		Avoiding common relationship missteps
		Building positive vendor-researcher relations
	Crafting a responsible disclosure policy
		An example policy – Acme Logistics’ responsible disclosure policy
	Summary
Chapter 10: Templates, Resources, and Final Guidance
	Research test case templates
	Vendor communication email templates
		An introduction email for a company with no security disclosure policy
		Sample disclosure template with security policy
		Attempting to reinitialize communication
		Notification of pending publication with an unresponsive vendor
	CVE templates
		CVE reservation template
		CVE disclosure template
	Organizational templates
		Workspace
		Research to disclosure
	Summary and final words
	Further reading
Index
About Packt
Other Books You May Enjoy



