• Alle Preisangaben inkl. MwSt.
Nur noch 1 auf Lager (mehr ist unterwegs).
Verkauf und Versand durch Amazon.
Geschenkverpackung verfügbar.
Exploiting Software: How ... ist in Ihrem Einkaufwagen hinzugefügt worden
+ EUR 3,00 Versandkosten
Gebraucht: Gut | Details
Verkauft von Deal DE
Zustand: Gebraucht: Gut
Kommentar: Dieses Buch ist in gutem, sauberen Zustand. Seiten und Einband sind intakt.
Ihren Artikel jetzt
eintauschen und
EUR 6,25 Gutschein erhalten.
Möchten Sie verkaufen?
Zur Rückseite klappen Zur Vorderseite klappen
Anhören Wird wiedergegeben... Angehalten   Sie hören eine Probe der Audible-Audioausgabe.
Weitere Informationen
Dieses Bild anzeigen

Exploiting Software: How to Break Code (Addison-Wesley Software Security) (Englisch) Taschenbuch – 17. Februar 2004

2 Kundenrezensionen

Alle 2 Formate und Ausgaben anzeigen Andere Formate und Ausgaben ausblenden
Amazon-Preis Neu ab Gebraucht ab
"Bitte wiederholen"
EUR 63,61
EUR 46,55 EUR 20,16
8 neu ab EUR 46,55 6 gebraucht ab EUR 20,16

Hinweise und Aktionen

  • Große Hörbuch-Sommeraktion: Entdecken Sie unsere bunte Auswahl an reduzierten Hörbüchern für den Sommer. Hier klicken.

Wird oft zusammen gekauft

Exploiting Software: How to Break Code (Addison-Wesley Software Security) + Software Security: Building Security in (Addison-Wesley Software Security)
Preis für beide: EUR 136,66

Die ausgewählten Artikel zusammen kaufen
Jeder kann Kindle Bücher lesen — selbst ohne ein Kindle-Gerät — mit der KOSTENFREIEN Kindle App für Smartphones, Tablets und Computer.


Mehr über die Autoren

Entdecken Sie Bücher, lesen Sie über Autoren und mehr



Computing hardware would have no value without software; software tells hardware what to do. Software therefore must have special authority within computing systems. All computer security problems stem from that fact, and Exploiting Software: How to Break Code shows you how to design your software so it's as resistant as possible to attack. Sure, everything's phrased in offensive terms (as instructions for the attacker, that is), but this book has at least as much value in showing designers what sorts of attacks their software will face (the book could serve as a checklist for part of a pre-release testing regimen). Plus, the clever reverse-engineering strategies that Greg Hoglund and Gary McGraw teach will be useful in many legitimate software projects. Consider this a recipe book for mayhem, or a compendium of lessons learned by others. It depends on your situation.

PHP programmers will take issue with the authors' blanket assessment of their language ("PHP is a study in bad security"), much of which seems based on older versions of the language that had some risky default behaviors--but those programmers will also double-check their servers' register_globals settings. Users of insufficiently patched Microsoft and Oracle products will worry about the detailed attack instructions this book contains. Responsible programmers and administrators will appreciate what amounts to documentation of attackers' rootkits for various operating systems, and will raise their eyebrows at the techniques for writing malicious code to unused EEPROM chips in target systems. --David Wall

Topics covered: How to make software fail, either by doing something it wasn't designed to do, or by denying its use to its rightful users. Techniques--including reverse engineering, buffer overflow, and particularly provision of unexpected input--are covered along with the tools needed to carry them out. A section on hardware viruses is detailed and frightening.


Praise for Exploiting Software "Exploiting Software highlights the most critical part of the software quality problem. As it turns out, software quality problems are a major contributing factor to computer security problems. Increasingly, companies large and small depend on software to run their businesses every day. The current approach to software quality and security taken by software companies, system integrators, and internal development organizations is like driving a car on a rainy day with worn-out tires and no air bags. In both cases, the odds are that something bad is going to happen, and there is no protection for the occupant/owner. This book will help the reader understand how to make software quality part of the design - a key change from where we are today!" - Tony Scott Chief Technology Officer, IS&S General Motors Corporation ~"It's about time someone wrote a book to teach the good guys what the bad guys already know. As the computer security industry matures, books like Exploiting Software have a critical role to play." - Bruce Schneier Chief Technology Officer Counterpane Author of Beyond Fear and Secrets and Lies ~"Exploiting Software cuts to the heart of the computer security problem, showing why broken software presents a clear and present danger. Getting past the 'worm of the day' phenomenon requires that someone other than the bad guys understands how software is attacked. This book is a wake-up call for computer security." - Elinor Mills Abreu Reuters' correspondent ~"Police investigators study how criminals think and act. Military strategists learn about the enemy's tactics, as well as their weapons and personnel capabilities. Similarly, information security professionals need to study their criminals and enemies, so we can tell the difference between popguns and weapons of mass destruction. This book is a significant advance in helping the 'white hats' understand how the 'black hats' operate. Through extensive examples and 'attack patterns,' this book helps the reader understand how attackers analyze software and use the results of the analysis to attack systems. Hoglund and McGraw explain not only how hackers attack servers, but also how malicious server operators can attack clients (and how each can protect themselves from the other). An excellent book for practicing security engineers, and an ideal book for an undergraduate class in software security." - Jeremy Epstein Director, Product Security & Performance webMethods, Inc. ~"A provocative and revealing book from two leading security experts and world class software exploiters, Exploiting Software enters the mind of the cleverest and wickedest crackers and shows you how they think. It illustrates general principles for breaking software, and provides you a whirlwind tour of techniques for finding and exploiting software vulnerabilities, along with detailed examples from real software exploits. Exploiting Software is essential reading for anyone responsible for placing software in a hostile environment - that is, everyone who writes or installs programs that run on the Internet." - Dave Evans, Ph.D. Associate Professor of Computer Science University of Virginia ~"The root cause for most of today's Internet hacker exploits and malicious software outbreaks are buggy software and faulty security software deployment. In Exploiting Software, Greg Hoglund and Gary McGraw help us in an interesting and provocative way to better defend ourselves against malicious hacker attacks on those software loopholes. The information in this book is an essential reference that needs to be understood, digested, and aggressively addressed by IT and information security professionals everywhere." - Ken Cutler, CISSP, CISA Vice President, Curriculum Development & Professional Services, MIS Training Institute ~"This book describes the threats to software in concrete, understandable, and frightening detail. It also discusses how to find these problems before the bad folks do. A valuable addition to every programmer's and security person's library!" - Matt Bishop, Ph.D. Professor of Computer Science University of California at Davis Author of Computer Security: Art and Science

Welche anderen Artikel kaufen Kunden, nachdem sie diesen Artikel angesehen haben?


3.5 von 5 Sternen
5 Sterne
4 Sterne
3 Sterne
2 Sterne
1 Sterne
Beide Kundenrezensionen anzeigen
Sagen Sie Ihre Meinung zu diesem Artikel

Die hilfreichsten Kundenrezensionen

4 von 5 Kunden fanden die folgende Rezension hilfreich Von Ein Kunde am 11. Juni 2005
Format: Taschenbuch
The good thing here are the descriptions of practical attacks, so that an experienced programmer and code designer is able to check to what extend he's taking care of such problems in his work. But the authors couldn't limit themselfs to this good part. No, they had to build a theory arround it and write a lot of philosophical bs, define terms, produce numbers and so on. So at some point they find themselfs explaining what software is and what role it plays in a computer and they are obviously targeting an audience of non-programmers since they explain a software system by an analogy of a house where the attacker enters through the lobby (code that handles web input) and tries to get into the kitchen (i.e. database) ... Only half a page on they are writing about a very particular pitfall that a HTML/CGI programmer might get into ... So whom were these guys writing for ??? The experienced programmers or the management ? The programmers wait half of the book to get to the cheese and the managers will probably get a little into trouble when the details start to matter. I also hate to see another couple of authors who first _proove_ that's all a loosing battle and why - and then throw themselfs on the task to ignore that fact and show how in theory in partial cases the castle could be defended. Crazzy. But I liked the programming stuff, so *** :).
Kommentar War diese Rezension für Sie hilfreich? Ja Nein Feedback senden...
Vielen Dank für Ihr Feedback. Wenn diese Rezension unangemessen ist, informieren Sie uns bitte darüber.
Wir konnten Ihre Stimmabgabe leider nicht speichern. Bitte erneut versuchen
5 von 8 Kunden fanden die folgende Rezension hilfreich Von realtime am 31. Mai 2004
Format: Taschenbuch
Wie immer wieder im Buch geschrieben, ist dieses Buch nicht für "möchtegern Hacker" und sog. Skript Kiddies gedacht. Vielmehr versucht man hier einen umfassenden Blick auf mögliche Angriffsmethoden zu geben, die einer Software gefährlich werden können. Es sind einige Codebeispiele vorhanden, welche aber nur erfahrenen Programmierern weiterhelfen dürften. Nichts für den Anfänger, der dann einfach ein Exploit abtippt und damit herumprahlen kann.
Das Buch ist in 7 Kapitel eingeteilt:
1. Software - the Root of the Problem
2. Attack Patterns
3. Reverse Engineering and Program Understanding
4. Exploiting Server Software
5. Exploiting Client Software
6. Buffer Overflow
7. Rootkits
Meinem Geschmack nach, sind die in diesem Buch zu viele "Online"
Exploits beschrieben. Sicherheitsmechanismen in Applikationen kommen somit zu kurz.
Fazit: Interressant zu lesen und gut für neue Denkansätze.
Kommentar War diese Rezension für Sie hilfreich? Ja Nein Feedback senden...
Vielen Dank für Ihr Feedback. Wenn diese Rezension unangemessen ist, informieren Sie uns bitte darüber.
Wir konnten Ihre Stimmabgabe leider nicht speichern. Bitte erneut versuchen

Die hilfreichsten Kundenrezensionen auf Amazon.com (beta)

Amazon.com: 30 Rezensionen
115 von 118 Kunden fanden die folgende Rezension hilfreich
Less than meets the eye 20. April 2004
Von Ernest Friedman-Hill - Veröffentlicht auf Amazon.com
Format: Taschenbuch
"Exploiting Software" purports to be a book aimed at helping software
professionals understand the security risks they face; it uses the
pedagogical device of teaching how software can be attacked to
achieve the goal of explaining how secure software should be
built. Unfortunately, I think it fails both as a guide to building
secure software and as a guide to being a black hat hacker.
Most of "Exploiting Software" reads more like a book proposal than a
completed work: too detailed in places (do we really need a dozen
pages on writing plugins for the IDA Pro Disassembler?), not detailed
enough in others, and generally not well organized. Far too often, the
reader is simply told that an exploit exists, and is then directed to
the original source for details. Worse, the original sources are often
white papers, personal web sites, and conference proceedings -- things
that are either hard to obtain, unlikely to be available for long, or
both. As a result, the reader learns nothing.
The preface to "Exploiting Software" explains that this is a companion
volume to "Building Secure Software," written by the same Gary McGraw
with another co-author, and this helps to explain the main failings of
this book. I must admit that the last two chapters, "Buffer overflow"
and "Rootkits", are better than the rest; they provide plenty of
concrete details. But two chapters aren't enough to vindicate this
fairly shallow work. For my money, I expect a book that can stand on its
40 von 41 Kunden fanden die folgende Rezension hilfreich
Half of the story 19. August 2004
Von Stuart Gardner - Veröffentlicht auf Amazon.com
Format: Taschenbuch
I'm an IT auditor (my main interest area is systems software). The premise of the book, that application security is now the key risk area for exploits is spot on. Exploits of applications can be devestating. This book describes basic attacks on application software; unfortunately the level of detail varies from example to example making it a little difficult to follow. It does provide valuable examples for those developing software of potentail problem areas and common faults. It is is also of potential value in planning penetration tests. There is no real coverage of secure coding practices and how to integrate security into the development process though. The book is worth getting but provides far from exhaustive coverage of code expoitation.
45 von 50 Kunden fanden die folgende Rezension hilfreich
Im disappointed 23. April 2004
Von Joshua Santos - Veröffentlicht auf Amazon.com
Format: Taschenbuch
I admit it, I was expecting a lot of this book. I've seen one of the co-authors, hoglund, speak at various security conferences in the past, and he is one of the top minds in the industry. I was therefore very excited to find he was writing a book on "exploiting software".
That being said, I was led to believe that this book would actually teach me how to "exploit software" --- that is the title, isn't it? The first two chapters are kind of overview, talking about historical flaws in things like embedded processors, and then a lengthy tutorial on somewhat obscure topics, such as writing plugins for the popular belgian disassembler, IDA Pro. While this is all fine and dandy, at this point in the book you will start to read faster and think "when do I get to learn how to "exploit software", and write some friggen exploits?"
Well, I was hoping to find that content later in the book (obviously contributed by mr. hoglund), but all I found was some terse overviews on how these exploits are possible. NOT how to actually write them, or use them in practice. This is where I was letdown, and may I even say, misled by the marketing material for the book.
I do have to say, the final section on writing a windows xp rootkit does have some concrete examples, and is highly interesting and informative. But, it remains the only truly hands on and practical portion of the book. This book should have been titled, AND marketed as "The Theory of Software Exploitation + A Good Chapter On Rootkits".
22 von 25 Kunden fanden die folgende Rezension hilfreich
Fires up the hacker in me! 20. April 2005
Von Christos Partsenidis - Veröffentlicht auf Amazon.com
Format: Taschenbuch
Anyone who's been in network security long enough will tell you that the current state of products and `solutions' to security problems are woefully inadequate.

Firewalls, intrusion detection systems, content filters and anti-virus solutions are all reactive technologies, and as a result, they fail to address the primary cause of security vulnerabilities.

This root cause is bad software. Viruses, worms and hackers exploit vulnerabilities in the design and logic of software applications to compromise, destroy and otherwise take control of important information. Once you accept this fact, you'll realize that the only path to good security is to write better code.

`Exploiting Software - How to Break Code' is a book that fires up the hacker in me. It does not aim to teach you about the latest scanning tool, instead, it teaches you how to find and exploit vulnerabilities in systems. While many of the ideas in the book (such as the omnipresent buffer overflow) are not new, there is simply no literary comparison to the treatment given to them in this book.

Application security is one of the highest regarded and specialized technical services in the security industry, and thus, finding people (let alone books) that delve in-depth into the topic is rare and refreshing. The first day I used this book, I was on an application security project. The target application was a distributed database application running on SQL server with a web front-end.

I happened to have this book along with me, and while reading through it, the section on equivalent requests was something I hadn't tried - sure enough, 20 minutes later I had full control of the application and a very good impression of this book.

I particularly like the conceptual sections of this book, especially their idea of `attack patterns' - generic scenarios that often lead to compromise in systems. A thorough study of all these attack patterns will leave you a much better analyst than when you started out, and it definitely pays off when it comes to testing.

The book is also chock-a-block full of code, something that other books don't have the guts to do. Better yet, we're not talking about `hello world' stuff here, while reading the excellent chapter on root kits I finally realized that the device driver code I was trying out was way over my head. That's something you like to find, because it gives you something to learn.

The art of reverse engineering, disassembly, writing IDA-Pro plugins, black / white and grey-box techniques, advanced payload creation on multiple architectures - this book has it all. The only thing I can possibly say against it is that this it caters to a niche audience.

If you're not a coder or seriously into security however, large parts of the book may be inaccessible to you. However if you're a hacker, security tester or application developer and you don't own a copy of this book, you're not reaching your full potential.
29 von 34 Kunden fanden die folgende Rezension hilfreich
Quite disappointing 4. Mai 2004
Von Ein Kunde - Veröffentlicht auf Amazon.com
Format: Taschenbuch
'Exploiting Software' is a quite disappointing book. It is not well organized and repeats itself very often, there's no thread and the authors always lose themselves in trivial things. Whenever it started to get interesting the book stopped short of going into details. The only slightly sophisticated chapters are the ones at the end, about buffer overflows and the XP rootkit.
I found that often code fragments are insufficiently described or not explained at all. This is a no-no in writing software, and it is all the more when writing a book about software (I can easily download some code and then wade through the code myself, what's the added value of the book?). On the other hand, simple tasks like appending a line to a Unix text file are explained exhaustively. Or, the book contains several pages about a code to display sampled data graphically. Why would I want to read this in a book about software exploits?
Overall, the book fails in the most important aspect: to bear the reader in mind. It seems that the authors just wanted to write a book, a thick book. Among the target audience mentioned in the book, i.e., programmers, consultants, managers etc. only programmers with absolutely no background in security may appreciate the book.
Go check the book carefully if you think about buying it. I give it two out of five stars just because of the final two chapters.
Waren diese Rezensionen hilfreich? Wir wollen von Ihnen hören.