Skip to content
Menu Button
Scan a barcode
Scan
My Lists
Scan a barcode
Scan
Computers & Technology Books > Certification Books
Paperback Exploiting Software: How to Break Code Book
Share to Facebook
Share to Pinterest
Share to Twitter

ISBN: 0201786958

ISBN13: 9780201786958

Exploiting Software: How to Break Code

by and

Select Format

Select Condition ThriftBooks Help Icon

Recommended

Format: Paperback

Condition: Very Good

$6.19
Save $58.80!
List Price $64.99
Almost Gone, Only 1 Left!
Add to Wish List

Book Overview

Praise for Exploiting Software

"Exploiting Software highlights the most critical part of the software quality problem. As it turns out, software quality problems are a major contributing factor to computer security problems. Increasingly, companies large and small depend on software to run their businesses every day. The current approach to software quality and security taken by software companies, system integrators, and internal development organizations is like driving a car on a rainy day with worn-out tires and no air bags. In both cases, the odds are that something bad is going to happen, and there is no protection for the occupant/owner. This book will help the reader understand how to make software quality part of the design--a key change from where we are today!"

-- Tony Scott
Chief Technology Officer, IS&S
General Motors Corporation

"It's about time someone wrote a book to teach the good guys what the bad guys already know. As the computer security industry matures, books like Exploiting Software have a critical role to play."

-- Bruce Schneier
Chief Technology Officer
Counterpane
Author of Beyond Fear and Secrets and Lies

"Exploiting Software cuts to the heart of the computer security problem, showing why broken software presents a clear and present danger. Getting past the 'worm of the day' phenomenon requires that someone other than the bad guys understands how software is attacked. This book is a wake-up call for computer security."

-- Elinor Mills Abreu
Reuters' correspondent

"Police investigators study how criminals think and act. Military strategists learn about the enemy's tactics, as well as their weapons and personnel capabilities. Similarly, information security professionals need to study their criminals and enemies, so we can tell the difference between popguns and weapons of mass destruction. This book is a significant advance in helping the 'white hats' understand how the 'black hats' operate. Through extensive examples and 'attack patterns, ' this book helps the reader understand how attackers analyze software and use the results of the analysis to attack systems. Hoglund and McGraw explain not only how hackers attack servers, but also how malicious server operators can attack clients (and how each can protect themselves from the other). An excellent book for practicing security engineers, and an ideal book for an undergraduate class in software security."

-- Jeremy Epstein
Director, Product Security & Performance
webMethods, Inc.

"A provocative and revealing book from two leading security experts and world class software exploiters, Exploiting Software enters the mind of the cleverest and wickedest crackers and shows you how they think. It illustrates general principles for breaking software, and provides you a whirlwind tour of techniques for finding and exploiting software vulnerabilities, along with detailed examples from real software exploits. Exploiting Software is essential reading for anyone responsible for placing software in a hostile environment--that is, everyone who writes or installs programs that run on the Internet."

-- Dave Evans, Ph.D.
Associate Professor of Computer Science
University of Virginia

"The root cause for most of today's Internet hacker exploits and malicious software outbreaks are buggy software and faulty security software deployment. In Exploiting Software, Greg Hoglund and Gary McGraw help us in an interesting and provocative way to better defend ourselves against malicious hacker attacks on those software loopholes. The information in this book is an essential reference that needs to be understood, digested, and aggressively addressed by IT and information security professionals everywhere."

-- Ken Cutler, CISSP, CISA
Vice President, Curriculum Development & Professional Services,
MIS Training Institute

"This book describes the threats to software in concrete, understandable, and frightening detail. It also discusses how to find these problems before the bad folks do. A valuable addition to every programmer's and security person's library!"

-- Matt Bishop, Ph.D.
Professor of Computer Science
University of California at Davis
Author of Computer Security: Art and Science

"Whether we slept through software engineering classes or paid attention, those of us who build things remain responsible for achieving meaningful and measurable vulnerability reductions. If you can't afford to stop all software manufacturing to teach your engineers how to build secure software from the ground up, you should at least increase awareness in your organization by demanding that they read Exploiting Software. This book clearly demonstrates what happens to broken software in the wild."

-- Ron Moritz, CISSP
Senior Vice President, Chief Security Strategist
Computer Associates

"Exploiting Software is the most up-to-date technical treatment of software security I have seen. If you worry about software and application vulnerability, Exploiting Software is a must-read. This book gets at all the timely and important issues surrounding software security in a technical, but still highly readable and engaging, way. Hoglund and McGraw have done an excellent job of picking out the major ideas in software exploit and nicely organizing them to make sense of the software security jungle."

-- George Cybenko, Ph.D.
Dorothy and Walter Gramm Professor of Engineering, Dartmouth
Founding Editor-in-Chief, IEEE Security and Privacy

"This is a seductive book. It starts with a simple story, telling about hacks and cracks. It draws you in with anecdotes, but builds from there. In a few chapters you

Related Subjects

Certification CompTIA Computer Science Computers Computers & Technology Encryption Hacking Internet, Groupware, & Telecommunications Networking Networks, Protocols & APIs Security & Encryption Software Design, Testing & Engineering Systems Analysis & Design Testing

Customer Reviews

5 ratings
Write a review

Fires up the hacker in me!

Published by Thriftbooks.com User , 19 years ago
Anyone who's been in network security long enough will tell you that the current state of products and `solutions' to security problems are woefully inadequate. Firewalls, intrusion detection systems, content filters and anti-virus solutions are all reactive technologies, and as a result, they fail to address the primary cause of security vulnerabilities. This root cause is bad software. Viruses, worms and hackers exploit vulnerabilities in the design and logic of software applications to compromise, destroy and otherwise take control of important information. Once you accept this fact, you'll realize that the only path to good security is to write better code. `Exploiting Software - How to Break Code' is a book that fires up the hacker in me. It does not aim to teach you about the latest scanning tool, instead, it teaches you how to find and exploit vulnerabilities in systems. While many of the ideas in the book (such as the omnipresent buffer overflow) are not new, there is simply no literary comparison to the treatment given to them in this book. Application security is one of the highest regarded and specialized technical services in the security industry, and thus, finding people (let alone books) that delve in-depth into the topic is rare and refreshing. The first day I used this book, I was on an application security project. The target application was a distributed database application running on SQL server with a web front-end. I happened to have this book along with me, and while reading through it, the section on equivalent requests was something I hadn't tried - sure enough, 20 minutes later I had full control of the application and a very good impression of this book. I particularly like the conceptual sections of this book, especially their idea of `attack patterns' - generic scenarios that often lead to compromise in systems. A thorough study of all these attack patterns will leave you a much better analyst than when you started out, and it definitely pays off when it comes to testing. The book is also chock-a-block full of code, something that other books don't have the guts to do. Better yet, we're not talking about `hello world' stuff here, while reading the excellent chapter on root kits I finally realized that the device driver code I was trying out was way over my head. That's something you like to find, because it gives you something to learn. The art of reverse engineering, disassembly, writing IDA-Pro plugins, black / white and grey-box techniques, advanced payload creation on multiple architectures - this book has it all. The only thing I can possibly say against it is that this it caters to a niche audience. If you're not a coder or seriously into security however, large parts of the book may be inaccessible to you. However if you're a hacker, security tester or application developer and you don't own a copy of this book, you're not reaching your full potential.

A Disturbing, Subversive Book

Published by Thriftbooks.com User , 20 years ago
A disturbing, subversive book. And I mean this in a positive sense. Hogland and McGraw explain the major ways in which software can be attacked. They describe how reverse engineering can be done, even if all you have is binary code to work on. Given a disassembler and a decompiler, and these exist for all the major platforms, you can systematically apply white box, black box and grey box analysis to deconstruct a program.They show how attacks can be done against servers, because nowadays on the net, servers are often tempting, fat targets. But from your standpoint, if you wish to defend against these attacks, you really need to be aware of the issues they raises. "Know the enemy". Plus, they also show how a server could attack, or be used to attack, unsuspecting clients that connect to it.Of course, buffer overflows are the most commonly known source of attacks. Thus an entire chapter is devoted to this.PHP users may not be thrilled to hear that it is fundamentally insecure. Its ease of learning and coding comes with this heavy price. Still, it is all the more reason that PHP users and sysadmins running web servers that use PHP, should be aware of the dangers in it.The book is not a trivial read. The authors give detailed examples at the level of the x86 assembler. A strong background in this and in C/C++ will give you the greatest benefit when studying the book.

Every software developer should have and read this book

Published by Thriftbooks.com User , 20 years ago
Target AudienceSoftware developers and network administrators who are responsible for or concerned with the security of the code they write or run.ContentsThis book covers software exploits and how they work. The book is divided into the following chapters:Software - The Root Of The Problem; Attack Patterns; Reverse Engineering And Program Understanding; Exploiting Server Software; Exploiting Client Software; Crafting (Malicious) Input; Buffer Overflow; Rootkits; References; IndexReviewSoftware security is foremost in the news today. You can't go a day without news on how another group has found and exploited some software flaw to create havoc on the internet. It seems that the software bugs are found faster than the developers can patch them. How can a software developer get ahead of the curve and write software that is more secure from the start? Get this book.The authors start out with an overview of software and how code is open to bugs and exploits. By understanding the concepts of complexity, extensibility, and connectivity, you'll start to understand how easy it is for software to be "broke" by others to gain some sort of advantage or control over it. The rest of the book then goes into specific areas of attack and how they occur. There is an abundance of "attack patterns" that are highlighted throughout the chapters. These short sidebars will help you understand all the types of attacks that can (and will be) used against your systems. After you read and digest this information, you will be much better prepared to write code that is designed to be more secure from the initial design through implementation.A question comes to mind quickly when reading the book... Isn't it dangerous to put all this hacking information in one place where anyone can access it? In my opinion, it's more dangerous to not have this data available. If a person wants to break your software or systems, they already know this stuff. In the case of software security, it's often the corporate developer who is at a distinct disadvantage as they are more concerned with getting their software to work in the first place. By having a single volume that explains the concepts of software exploitation in detail, we can all start to write secure software instead of writing patches to fix flawed code. ConclusionThis book should be on the shelf of all software developers and administrators who are concerned about writing and administering secure software. And that should be all software developers and administrators! The information may be disturbing, but you need to understand it before others use the information against you.

Read It and Weep

Published by Thriftbooks.com User , 20 years ago
Hoglund and McGraw is an amazing book. It's well written, comprehensive and full of detailed, up-to-date methodologies for messing with all kinds of code. It's a shame the black hats can buy this book. However, since they can, every white hat should make a point of reading it to understand how subtle attacks can be and what kinds of tools are out there to help develop exploits.Reading it will make you weep about the current state of operational code vulnerability!!!

Learn how the bad guys think

Published by Thriftbooks.com User , 20 years ago
For many years the "white hats" (good guys) have tried to guess how the black hats think, and how they find problems with software. That's as true with software as it is with other disciplines, where police study criminals, and military strategists learn about their enemy's tactics. Those of us in the information security field need to study our criminals and enemies, so we can tell the difference between pop guns and weapons of mass destruction.I enjoyed this book because it helped me understand how the bad guys think, and how they find the flaws that we constantly read about (and suffer from).The authors explain not only how hackers attack servers, but also how malicious server operators can attack clients (and how each can protect themselves from the other). I'd highly recommend it as a companion to Ross Anderson's "Security Engineering": Anderson's book provides the broad view of security, and this book provides the deep analysis of software security.An excellent book for practicing security engineers, and an ideal textbook for an undergraduate class in software security.
Trustpilot

Popular Categories

Website

My Account

Partnerships

Quick Help

About Us

ThriftBooks sells millions of used books at the lowest everyday prices. We personally assess every book's quality and offer rare, out-of-print treasures. We deliver the joy of reading in recyclable packaging with free standard shipping on US orders over $15. ThriftBooks.com. Read more. Spend less.

Follow Us

Link to Facebook
Link to Twitter
Link to Pinterest
Link to Tumblr
Link to Instagram
Copyright © 2025 Thriftbooks.com Terms of Use | Privacy Policy | Do Not Sell/Share My Personal Information | Cookie Policy | Cookie Preferences | Accessibility Statement
ThriftBooks ® and the ThriftBooks ® logo are registered trademarks of Thrift Books Global, LLC
GoDaddy Verified and Secured