What do you think?
Rate this book
Exploiting Software: How to Break Code
**Foreword by Avi Rubin. How does software break? How do attackers make software break on purpose? Why are firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys? What tools can be used to break software? This book provides the answers. This book is studded with examples of real attacks, attack patterns, tools, and techniques used by bad guys to break software. If you want to protect your software from attack, you must first learn how real attacks are really carried out. Learn about: Why software exploit will continue to be a serious problem; When network security mechanisms do not work; Attack patterns; Reverse engineering; Classic attacks against server software; Surprising attacks against client software; Techniques for crafting malicious input; The technical details of buffer overflows; and Rootkits. This information needs to be understood and digested by security professionals so that they know the magnitude of the problem and they can begin to address it properly. Today, all developers should be security-minded. The knowledge here will arm you with a real understanding of the software security problem.
512 pages, Paperback
First published February 27, 2004
7 people are currently reading
175 people want to read
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 4 of 4 reviews
January 15, 2020
It's a catchy title. But it's also an inaccurate, disingenuous bait-and-switch. This is not a book about how to write exploits or malware. It does have a good bit of reverse engineering and debugging discussion within the context of IDA Pro (this is virtually all of Chapter 3, which is only useful if you have IDA Pro and care more about disassembling than crafting malware). As an analogy, imagine picking up a book on boating and finding that most of it was about how to take the engine apart.
The text is generally wordy and repetitive, not well-organized, and some topics that really should have been low-hanging fruit (like the nearly one hundred pages on buffer overflows) flounder and meander and never really get at the essence of the subject (FWIW: Erickson's "Hacking" is excellent on this topic). Happily, the closing chapter on Windows rootkits is interesting and there are some worked examples on how to develop and deploy rootkits on Windows XP. Overall, this book is like a growing band of modern cybersecurity books: it's fluffy and wordy, lacking solid, pragmatic content.
The text is generally wordy and repetitive, not well-organized, and some topics that really should have been low-hanging fruit (like the nearly one hundred pages on buffer overflows) flounder and meander and never really get at the essence of the subject (FWIW: Erickson's "Hacking" is excellent on this topic). Happily, the closing chapter on Windows rootkits is interesting and there are some worked examples on how to develop and deploy rootkits on Windows XP. Overall, this book is like a growing band of modern cybersecurity books: it's fluffy and wordy, lacking solid, pragmatic content.
March 5, 2015
Outdated. Barely skims over certain topics, and repeats simple things throughout the book. It does things like throw pages full of sample IDA plugin code at the end one of the first chapters - despite later chapters at times tending to treat the reader like a novice. (Annoyingly, there's no source code or other examples available online - really?)
September 17, 2012
*[ There's going to be a training regarding Software Security, so I want to learn something about it before I take it next week.- ]
Read
July 8, 2008Overall not bad, but more for someone who has never have done it.
Displaying 1 - 4 of 4 reviews