If you're a Rust developer who wants to build bullet-proof applications and also learn how attackers break into them, this book is your definitive, dual-track companion. You'll master defensive techniques such as supply-chain hardening, static analysis, fuzz testing, sandboxing, secure CI/CD, runtime defenses and safe FFI abstractions, alongside offensive skills like binary patching, reverse engineering, and return-oriented programming. Rust for Defensive and Offensive Security walks you through real, hands-on projects that prove each concept in practice. You won't just read about threats: you'll wield the same tools attackers use to locate vulnerabilities, then turn around and apply rigorous defenses in your own code.

Inside, You'll Build and Master:
- A Supply-Chain-Hardened Web Service: Vet and pin dependencies with cargo-audit and cargo-deny, vendor your code, and integrate Sigstore for end-to-end library signing.
- A Static Analysis & Fuzz Testing Pipeline: Automate Clippy, MIRI, and AddressSanitizer in CI, then write cargo-fuzz targets that unearth edge-case crashes in JSON and URL parsers.
- A Threat-Modeled Microservice: Apply STRIDE and DREAD, containerize with Docker, enforce seccomp and AppArmor, and deploy via GitHub Actions that build, sign, and verify binaries.
- A WASM-Sandboxed Plugin Host: Embed Wasmtime to run untrusted modules in linear-memory sandboxes, enforce resource limits, and expose a minimal host API to prevent escapes.
- A Secure CI/CD Pipeline & Code Signing Workflow: Enforce pull-request gates for linting and auditing, sign artifacts with GPG and Cosign, and automate verification before every deployment.
- Runtime Defense-in-Depth: Compile with PIE/ASLR, stack canaries, Control-Flow Integrity, and sanitizers to stop buffer overflows, ROP chains, and use-after-free exploits.
- Safe FFI Wrappers & Unsafe Abstractions: Wrap a C library using raw pointers, introduce a controlled use-after-free, detect it with ASan, then refactor into a safe Rust API.
- Custom Smart Pointers in unsafe: Build MyBox and MyRc, documenting safety invariants and testing them under MIRI and sanitizers.
- Binary Patching & Reverse Engineering: Use radare2 and Ghidra to disassemble stripped Rust binaries, locate and overwrite authentication checks, and confirm bypasses in real time.
- A ROP Proof of Concept: Exploit an unsafe buffer overflow to overwrite a return address and invoke a hidden secret() function, then harden your build so future ROP attempts fail.
- Patch-and-Rebuild Automation: Apply minimal source diffs, leverage reproducible builds, and script the entire patch-test cycle to ensure your fixes are reliable and auditable.

Why Choose This Dual-Track Guide?
- Learn by doing both offense and defense, so you can think like an attacker while building ironclad Rust applications.
- Focus on professional tools and workflows (Clippy, MIRI, cargo-fuzz, Wasmtime, Sigstore, radare2, Ghidra) that mirror real-world security practices.
- Gain a clear, hands-on path from theory to practice, with projects you can deploy or adapt immediately.
- Master both safe Rust paradigms and the careful use of unsafe, backed by rigorous testing and sanitizers.
- Future-proof your expertise with the latest security techniques, from WASM sandboxing to code-signing best practices.

If you're ready to defend and deconstruct Rust programs at the highest level, Rust for Defensive and Offensive Security is the book you've been waiting for.