Exploiting Software: How to Break Code
Date: 08 May 2011, 00:33
|
How does software break? How do attackers make software break on purpose? Why are firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys? What tools can be used to break software? This book provides the answers. Exploiting Software is loaded with examples of real attacks, attack patterns, tools, and techniques used by bad guys to break software. If you want to protect your software from attack, you must first learn how real attacks are really carried out. This must-have book may shock you-and it will certainly educate you. Getting beyond the script kiddie treatment found in many hacking books, you will learn about * Why software exploit will continue to be a serious problem. * When network security mechanisms do not work * Attack patterns * Reverse engineering * Classic attacks against server software * Surprising attacks against client software * Techniques for crafting malicious input * The technical details of buffer overflows * Rootkits Exploiting Software is filled with the tools, concepts, and knowledge necessary to break software. Amazon.com Computing hardware would have no value without software; software tells hardware what to do. Software therefore must have special authority within computing systems. All computer security problems stem from that fact, and Exploiting Software: How to Break Code shows you how to design your software so it's as resistant as possible to attack. Sure, everything's phrased in offensive terms (as instructions for the attacker, that is), but this book has at least as much value in showing designers what sorts of attacks their software will face (the book could serve as a checklist for part of a pre-release testing regimen). Plus, the clever reverse-engineering strategies that Greg Hoglund and Gary McGraw teach will be useful in many legitimate software projects. Consider this a recipe book for mayhem, or a compendium of lessons learned by others. It depends on your situation. PHP programmers will take issue with the authors' blanket assessment of their language ("PHP is a study in bad security"), much of which seems based on older versions of the language that had some risky default behaviors--but those programmers will also double-check their servers' register_globals settings. Users of insufficiently patched Microsoft and Oracle products will worry about the detailed attack instructions this book contains. Responsible programmers and administrators will appreciate what amounts to documentation of attackers' rootkits for various operating systems, and will raise their eyebrows at the techniques for writing malicious code to unused EEPROM chips in target systems. --David Wall Topics covered: How to make software fail, either by doing something it wasn't designed to do, or by denying its use to its rightful users. Techniques--including reverse engineering, buffer overflow, and particularly provision of unexpected input--are covered along with the tools needed to carry them out. A section on hardware viruses is detailed and frightening. PassWord: books_for_all
|
DISCLAIMER:
This site does not store Exploiting Software: How to Break Code on its server. We only index and link to Exploiting Software: How to Break Code provided by other sites. Please contact the content providers to delete Exploiting Software: How to Break Code if any and email us, we'll remove relevant links or contents immediately.