Murakami Sale
 
 

Recently Viewed clear list


Q&A | August 19, 2014

Richard Kadrey: IMG Powell’s Q&A: Richard Kadrey



Describe your latest book. The Getaway God is the sixth book in the Sandman Slim series. In it, the very unholy nephilim, James Stark, aka Sandman... Continue »
  1. $17.49 Sale Hardcover add to wish list

spacer
Qualifying orders ship free.
$32.00
List price: $64.99
Used Trade Paper
Ships in 1 to 3 days
Add to Wishlist
available for shipping or prepaid pickup only
Available for In-store Pickup
in 7 to 12 days
Qty Store Section
1 Partner Warehouse Internet- General

More copies of this ISBN

Exploiting Software : How To Break Code (04 Edition)

by

Exploiting Software : How To Break Code (04 Edition) Cover

 

Synopses & Reviews

Please note that used books may not include additional media (study guides, CDs, DVDs, solutions manuals, etc.) as described in the publisher comments.

Publisher Comments:

Praise for Exploiting Software

Exploiting Software highlights the most critical part of the software quality problem. As it turns out, software quality problems are a major contributing factor to computer security problems. Increasingly, companies large and small depend on software to run their businesses every day. The current approach to software quality and security taken by software companies, system integrators, and internal development organizations is like driving a car on a rainy day with worn-out tires and no air bags. In both cases, the odds are that something bad is going to happen, and there is no protection for the occupant/owner. This book will help the reader understand how to make software quality part of the design—a key change from where we are today!”          —Tony Scott

             Chief Technology Officer, IS&S

             General Motors Corporation

“Its about time someone wrote a book to teach the good guys what the bad guys already know. As the computer security industry matures, books like Exploiting Software have a critical role to play.”          —Bruce Schneier

             Chief Technology Officer

             Counterpane

             Author of Beyond Fear and Secrets and Lies

Exploiting Software cuts to the heart of the computer security problem, showing why broken software presents a clear and present danger. Getting past the ‘worm of the day phenomenon requires that someone other than the bad guys understands how software is attacked. This book is a wake-up call for computer security.”          —Elinor Mills Abreu

             Reuters correspondent

“Police investigators study how criminals think and act. Military strategists learn about the enemys tactics, as well as their weapons and personnel capabilities. Similarly, information security professionals need to study their criminals and enemies, so we can tell the difference between popguns and weapons of mass destruction. This book is a significant advance in helping the ‘white hats understand how the ‘black hats operate. Through extensive examples and ‘attack patterns, this book helps the reader understand how attackers analyze software and use the results of the analysis to attack systems. Hoglund and McGraw explain not only how hackers attack servers, but also how malicious server operators can attack clients (and how each can protect themselves from the other). An excellent book for practicing security engineers, and an ideal book for an undergraduate class in software security.”          —Jeremy Epstein

             Director, Product Security & Performance

             webMethods, Inc.

“A provocative and revealing book from two leading security experts and world class software exploiters, Exploiting Software enters the mind of the cleverest and wickedest crackers and shows you how they think. It illustrates general principles for breaking software, and provides you a whirlwind tour of techniques for finding and exploiting software vulnerabilities, along with detailed examples from real software exploits. Exploiting Software is essential reading for anyone responsible for placing software in a hostile environment—that is, everyone who writes or installs programs that run on the Internet.”          —Dave Evans, Ph.D.

             Associate Professor of Computer Science

             University of Virginia

“The root cause for most of todays Internet hacker exploits and malicious software outbreaks are buggy software and faulty security software deployment. In Exploiting Software, Greg Hoglund and Gary McGraw help us in an interesting and provocative way to better defend ourselves against malicious hacker attacks on those software loopholes. The information in this book is an essential reference that needs to be understood, digested, and aggressively addressed by IT and information security professionals everywhere.”          —Ken Cutler, CISSP, CISA

             Vice President, Curriculum Development & Professional Services,

             MIS Training Institute

“This book describes the threats to software in concrete, understandable, and frightening detail. It also discusses how to find these problems before the bad folks do. A valuable addition to every programmers and security persons library!”          —Matt Bishop, Ph.D.

             Professor of Computer Science

             University of California at Davis

             Author of Computer Security: Art and Science

“Whether we slept through software engineering classes or paid attention, those of us who build things remain responsible for achieving meaningful and measurable vulnerability reductions. If you cant afford to stop all software manufacturing to teach your engineers how to build secure software from the ground up, you should at least increase awareness in your organization by demanding that they read Exploiting Software. This book clearly demonstrates what happens to broken software in the wild.”          —Ron Moritz, CISSP

             Senior Vice President, Chief Security Strategist

             Computer Associates

Exploiting Software is the most up-to-date technical treatment of software security I have seen. If you worry about software and application vulnerability, Exploiting Software is a must-read. This book gets at all the timely and important issues surrounding software security in a technical, but still highly readable and engaging, way. Hoglund and McGraw have done an excellent job of picking out the major ideas in software exploit and nicely organizing them to make sense of the software security jungle.”          —George Cybenko, Ph.D.

             Dorothy and Walter Gramm Professor of Engineering, Dartmouth

             Founding Editor-in-Chief, IEEE Security and Privacy

“This is a seductive book. It starts with a simple story, telling about hacks and cracks. It draws you in with anecdotes, but builds from there. In a few chapters you find yourself deep in the intimate details of software security. It is the rare technical book that is a readable and enjoyable primer but has the substance to remain on your shelf as a reference. Wonderful stuff.”          —Craig Miller, Ph.D.

             Chief Technology Officer for North America

             Dimension Data

“Its hard to protect yourself if you dont know what youre up against. This book has the details you need to know about how attackers find software holes and exploit them—details that will help you secure your own systems.”          —Ed Felten, Ph.D.

             Professor of Computer Science

             Princeton University

“If you worry about software and application vulnerability, Exploiting Software is a must-read. This book gets at all the timely and important issues surrounding software security in a technical, but still highly readable and engaging way.”

         —George Cybenko, Ph.D.

             Dorothy and Walter Gramm Professor of Engineering, Dartmouth

             Founding Editor-in-Chief, IEEE Security and Privacy Magazine

Exploiting Software is the best treatment of any kind that I have seen on the topic of software vulnerabilities.”

         —From the Foreword by Aviel D. Rubin

             Associate Professor, Computer Science

             Technical Director, Information Security Institute, Johns Hopkins University

How does software break? How do attackers make software break on purpose? Why are firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys? What tools can be used to break software? This book provides the answers.

Exploiting Software is loaded with examples of real attacks, attack patterns, tools, and techniques used by bad guys to break software. If you want to protect your software from attack, you must first learn how real attacks are really carried out.

This must-have book may shock you--and it will certainly educate you.Getting beyond the script kiddie treatment found in many hacking books, you will learn about

  • Why software exploit will continue to be a serious problem
  • When network security mechanisms do not work
  • Attack patterns
  • Reverse engineering
  • Classic attacks against server software
  • Surprising attacks against client software
  • Techniques for crafting malicious input
  • The technical details of buffer overflows
  • Rootkits

Exploiting Software is filled with the tools, concepts, and knowledge necessary to break software.

Book News Annotation:

Intended for software security professionals, this guide explains the techniques used by malicious hackers against software, describes specific attack patterns, and shows how to uncover new software vulnerabilities. The authors discuss the difference between implementation bugs and architectural flaws, reverse engineering tools, the weaknesses in server and client software, malicious input attacks, buffer overflows, and the construction of a simple Windows XP kernel rootkit that can hide processes and directories.
Annotation ©2004 Book News, Inc., Portland, OR (booknews.com)

Synopsis:

What is it about software that makes security such a problem? If you want to build secure software, how do you do it? These questions and the perseverance of three of the world's leading security experts, Gary McGraw, John Viega, and Greg Hoglund, led to the three books contained in this package.

Building Secure Software: How to Avoid Security Problems the Right Way, the white hat book, seems to have touched off a revolution. Security people who once relied solely on firewalls, intrusion detection, and anti-virus mechanisms came to understand and embrace the necessity of better software. This book provides a coherent and sensible philosophical foundation for the blossoming field of software security.

Exploiting Software: How to Break Code, the black hat book, provides a much needed balance, teaching how to break software and how malicious hackers write exploits. This book is meant as a reality check for software security, ensuring that the good guys address real attacks and invent and peddle solutions that actually work. Exploiting Software and Building Secure Software are in some senses mirror images.

Software Security: Building Security In unifies the two sides of software security--attack and defense, exploiting and designing, breaking and building--into a coherent whole. Like the yin and the yang, software security requires a careful balance.

Synopsis:

Why are firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys? What tools can be used to break software? This book provides the answers. "Exploiting Software" is loaded with examples of real attacks, attack patterns, tools, and techniques used to break software--a must-have title that may shock and educate readers.

About the Author

Greg Hoglund has been a pioneer in the area of software security. He is CEO of HBGary, Inc., a leading provider of software security verification services. After writing one of the first network vulnerability scanners (installed in over half of all Fortune 500 companies), he created and documented the first Windows NT-based rootkit, founding rootkit.com in the process. Greg is a frequent speaker at Black Hat, RSA, and other security conferences.

Gary McGraw, Cigital's CTO, is a leading authority on software security. Dr. McGraw is coauthor of the groundbreaking books Building Secure Software and Exploiting Software (both from Addison-Wesley). While consulting for major software producers and consumers, he has published over ninety peer-reviewed technical publications, and functions as principal investigator on grants from DARPA, the National Science Foundation, and NIST's Advanced Technology Program. He serves on the advisory boards of Authentica, Counterpane, and Fortify Software. He is also an advisor to the computer science departments at University of California, Davis, and the University of Virginia, as well as the School of Informatics at Indiana University.

Table of Contents

Attack Patterns.

Foreword.

Preface.

What This Book Is About.

How to Use This Book.

But Isn't This Too Dangerous?

Acknowledgments.

1. Software—The Root of the Problem.

A Brief History of Software.

Bad Software Is Ubiquitous.

The Trinity of Trouble.

The Future of Software.

What Is Software Security?

Conclusion.

2. Attack Patterns.

A Taxonomy.

An Open-Systems View.

Tour of an Exploit.

Attack Patterns: Blueprints for Disaster.

An Example Exploit: Microsoft's Broken C++ Compiler.

Applying Attack Patterns.

Attack Pattern Boxes.

Conclusion.

3. Reverse Engineering and Program Understanding.

Into the House of Logic.

Should Reverse Engineering Be Illegal?

Reverse Engineering Tools and Concepts.

Methods of the Reverser.

Writing Interactive Disassembler (IDA) Plugins.

Decompiling and Disassembling Software.

Decompilation in Practice: Reversing helpctr.exe.

Automatic, Bulk Auditing for Vulnerabilities.

Writing Your Own Cracking Tools.

Building a Basic Code Coverage Tool.

Conclusion.

4. Exploiting Server Software.

The Trusted Input Problem.

The Privilege Escalation Problem.

Finding Injection Points.

Input Path Tracing.

Exploiting Trust through Configuration.

Specific Techniques and Attacks for Server Software.

Conclusion.

5. Exploiting Client Software.

Client-side Programs as Attack Targets.

In-band Signals.

Cross-site Scripting (XSS).

Clients Scripts and Malicious Code.

Content-Based Attacks.

Backwash Attacks: Leveraging Client-side Buffer.

Conclusion.

6. Crafting (Malicious) Input.

The Defender's Dilemma.

Intrusion Detection (Not).

Partition Analysis.

Tracing Code.

Reversing Parser Code.

Example: Reversing I-Planet Server 6.0 through the Front Door.

Misclassification.

Building “Equivalent" Requests.

Audit Poisoning.

Conclusion.

7. Buffer Overflow.

Buffer Overflow 101.

Injection Vectors: Input Rides Again.

Buffer Overflows and Embedded Systems.

Database Buffer Overflows.

Buffer Overflows and Java?!

Content-Based Buffer Overflow.

Audit Truncation and Filters with Buffer Overflow.

Causing Overflow and Environment Variables.

The Multiple Operation Problem.

Finding Potential Buffer Overflows.

Stack Overflow.

Arithmetic Errors in Memory Management.

Format String Vulnerabilities.

Heap Overflows.

Buffer Overflows and C++.

Payloads.

Payloads on RISC Architectures.

Multiplatform Payloads.

Prolog/Epilog Code to Protect Functions.

Conclusion.

8. Rootkits.

Subversive Programs.

A Simple Windows XP Kernel Rootkit.

Call Hooking.

Trojan Executable Redirection.

Hiding Files and Directories.

Patching Binary Code.

The Hardware Virus.

Low-Level Disk Access.

Adding Network Support to a Driver.

Interrupts.

Key Logging.

Advanced Rootkit Topics.

Conclusion.

References.

Index.

Product Details

ISBN:
9780201786958
Author:
Hoglund, Greg
Publisher:
Addison-Wesley Professional
Author:
McGraw, Gary
Author:
Hoglund, Greg
Author:
Viega, John
Location:
Boston
Subject:
Networking - General
Subject:
Computer security
Subject:
Computer software
Subject:
Security
Subject:
Computer hackers
Subject:
Security - General
Subject:
Internet - Security
Subject:
Networking-Computer Security
Copyright:
Edition Description:
Trade paper
Series:
Addison-Wesley Software Security Series
Series Volume:
107-952
Publication Date:
February 2004
Binding:
TRADE PAPER
Grade Level:
Professional and scholarly
Language:
English
Illustrations:
Yes
Pages:
512
Dimensions:
9.1 x 6.9 x 1.2 in 835 gr

Other books you might like

  1. Exploiting Online Games: Cheating... New Trade Paper $49.50
  2. Writing Security Tools and Exploits
    New Trade Paper $64.95
  3. Hacking for Dummies. (For Dummies) Used Trade Paper $7.50
  4. A Brief History of Time: From the... Used Hardcover $3.50
  5. A Brief History of Time: The Updated...
    Used Trade Paper $8.95
  6. Feynman Lectures on Computation New Trade Paper $58.95

Related Subjects

Computers and Internet » Internet » General
Computers and Internet » Networking » Computer Security
Computers and Internet » Networking » General
Computers and Internet » Software Engineering » Systems Analysis and Design
Science and Mathematics » Electricity » General Electronics
Science and Mathematics » Physics » General

Exploiting Software : How To Break Code (04 Edition) Used Trade Paper
0 stars - 0 reviews
$32.00 In Stock
Product details 512 pages Addison-Wesley Professional - English 9780201786958 Reviews:
"Synopsis" by , What is it about software that makes security such a problem? If you want to build secure software, how do you do it? These questions and the perseverance of three of the world's leading security experts, Gary McGraw, John Viega, and Greg Hoglund, led to the three books contained in this package.

Building Secure Software: How to Avoid Security Problems the Right Way, the white hat book, seems to have touched off a revolution. Security people who once relied solely on firewalls, intrusion detection, and anti-virus mechanisms came to understand and embrace the necessity of better software. This book provides a coherent and sensible philosophical foundation for the blossoming field of software security.

Exploiting Software: How to Break Code, the black hat book, provides a much needed balance, teaching how to break software and how malicious hackers write exploits. This book is meant as a reality check for software security, ensuring that the good guys address real attacks and invent and peddle solutions that actually work. Exploiting Software and Building Secure Software are in some senses mirror images.

Software Security: Building Security In unifies the two sides of software security--attack and defense, exploiting and designing, breaking and building--into a coherent whole. Like the yin and the yang, software security requires a careful balance.

"Synopsis" by , Why are firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys? What tools can be used to break software? This book provides the answers. "Exploiting Software" is loaded with examples of real attacks, attack patterns, tools, and techniques used to break software--a must-have title that may shock and educate readers.
spacer
spacer
  • back to top
Follow us on...




Powell's City of Books is an independent bookstore in Portland, Oregon, that fills a whole city block with more than a million new, used, and out of print books. Shop those shelves — plus literally millions more books, DVDs, and gifts — here at Powells.com.