Thông tin tài liệu
•
Table of Contents
•
Index
Exploiting Software How to Break Code
By
Greg Hoglund
,
Gary McGraw
Publisher
: Addison Wesley
Pub Date
: February 17, 2004
ISBN
: 0-201-78695-8
Pages
: 512
How does software break? How do attackers make software break on purpose? Why are
firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys?
What tools can be used to break software? This book provides the answers.
Exploiting Software
is loaded with examples of real attacks, attack patterns, tools, and
techniques used by bad guys to break software. If you want to protect your software from
attack, you must first learn how real attacks are really carried out.
This must-have book may shock you—and it will certainly educate you.Getting beyond the
script kiddie treatment found in many hacking books, you will learn about
Why software exploit will continue to be a serious problem
When network security mechanisms do not work
Attack patterns
Reverse engineering
Classic attacks against server software
Surprising attacks against client software
Techniques for crafting malicious input
The technical details of buffer overflows
Rootkits
Exploiting Software
is filled with the tools, concepts, and knowledge necessary to break
software.
•
Table of Contents
•
Index
Exploiting Software How to Break Code
By
Greg Hoglund
,
Gary McGraw
Publisher
: Addison Wesley
Pub Date
: February 17, 2004
ISBN
: 0-201-78695-8
Pages
: 512
How does software break? How do attackers make software break on purpose? Why are
firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys?
What tools can be used to break software? This book provides the answers.
Exploiting Software
is loaded with examples of real attacks, attack patterns, tools, and
techniques used by bad guys to break software. If you want to protect your software from
attack, you must first learn how real attacks are really carried out.
This must-have book may shock you—and it will certainly educate you.Getting beyond the
script kiddie treatment found in many hacking books, you will learn about
Why software exploit will continue to be a serious problem
When network security mechanisms do not work
Attack patterns
Reverse engineering
Classic attacks against server software
Surprising attacks against client software
Techniques for crafting malicious input
The technical details of buffer overflows
Rootkits
Exploiting Software
is filled with the tools, concepts, and knowledge necessary to break
software.
•
Table of Contents
•
Index
Exploiting Software How to Break Code
By
Greg Hoglund
,
Gary McGraw
Publisher
: Addison Wesley
Pub Date
: February 17, 2004
ISBN
: 0-201-78695-8
Pages
: 512
Copyright
Praise for Exploiting Software
Attack Patterns
Foreword
Preface
What This Book Is About
How to Use This Book
But Isn't This Too Dangerous?
Acknowledgments
Greg's Acknowledgments
Gary's Acknowledgments
Chapter 1. Software—The Root of the Problem
A Brief History of Software
Bad Software Is Ubiquitous
The Trinity of Trouble
The Future of Software
What Is Software Security?
Conclusion
Chapter 2. Attack Patterns
A Taxonomy
An Open-Systems View
Tour of an Exploit
Attack Patterns: Blueprints for Disaster
An Example Exploit: Microsoft's Broken C++ Compiler
Applying Attack Patterns
Attack Pattern Boxes
Conclusion
Chapter 3. Reverse Engineering and Program Understanding
Into the House of Logic
Should Reverse Engineering Be Illegal?
Reverse Engineering Tools and Concepts
Approaches to Reverse Engineering
Methods of the Reverser
Writing Interactive Disassembler (IDA) Plugins
Decompiling and Disassembling Software
•
Table of Contents
•
Index
Exploiting Software How to Break Code
By
Greg Hoglund
,
Gary McGraw
Publisher
: Addison Wesley
Pub Date
: February 17, 2004
ISBN
: 0-201-78695-8
Pages
: 512
How does software break? How do attackers make software break on purpose? Why are
firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys?
What tools can be used to break software? This book provides the answers.
Exploiting Software
is loaded with examples of real attacks, attack patterns, tools, and
techniques used by bad guys to break software. If you want to protect your software from
attack, you must first learn how real attacks are really carried out.
This must-have book may shock you—and it will certainly educate you.Getting beyond the
script kiddie treatment found in many hacking books, you will learn about
Why software exploit will continue to be a serious problem
When network security mechanisms do not work
Attack patterns
Reverse engineering
Classic attacks against server software
Surprising attacks against client software
Techniques for crafting malicious input
The technical details of buffer overflows
Rootkits
Exploiting Software
is filled with the tools, concepts, and knowledge necessary to break
software.
Decompilation in Practice: Reversing helpctr.exe
Automatic, Bulk Auditing for Vulnerabilities
Writing Your Own Cracking Tools
Building a Basic Code Coverage Tool
Conclusion
Chapter 4. Exploiting Server Software
The Trusted Input Problem
The Privilege Escalation Problem
Finding Injection Points
Input Path Tracing
Exploiting Trust through Configuration
Specific Techniques and Attacks for Server Software
Conclusion
Chapter 5. Exploiting Client Software
Client-side Programs as Attack Targets
In-band Signals
Cross-site Scripting (XSS)
Client Scripts and Malicious Code
Content-Based Attacks
Backwash Attacks: Leveraging Client-side Buffer Overflows
Conclusion
Chapter 6. Crafting (Malicious) Input
The Defender's Dilemma
Intrusion Detection (Not)
Partition Analysis
Tracing Code
Reversing Parser Code
Example: Reversing I-Planet Server 6.0 through the Front Door
Misclassification
Building "Equivalent" Requests
Audit Poisoning
Conclusion
Chapter 7. Buffer Overflow
Buffer Overflow 101
Injection Vectors: Input Rides Again
Buffer Overflows and Embedded Systems
Database Buffer Overflows
Buffer Overflows and Java?!
Content-Based Buffer Overflow
Audit Truncation and Filters with Buffer Overflow
Causing Overflow with Environment Variables
The Multiple Operation Problem
Finding Potential Buffer Overflows
Stack Overflow
Arithmetic Errors in Memory Management
Format String Vulnerabilities
Heap Overflows
Buffer Overflows and C++
Payloads
Payloads on RISC Architectures
Multiplatform Payloads
Prolog/Epilog Code to Protect Functions
Conclusion
Chapter 8. Rootkits
•
Table of Contents
•
Index
Exploiting Software How to Break Code
By
Greg Hoglund
,
Gary McGraw
Publisher
: Addison Wesley
Pub Date
: February 17, 2004
ISBN
: 0-201-78695-8
Pages
: 512
How does software break? How do attackers make software break on purpose? Why are
firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys?
What tools can be used to break software? This book provides the answers.
Exploiting Software
is loaded with examples of real attacks, attack patterns, tools, and
techniques used by bad guys to break software. If you want to protect your software from
attack, you must first learn how real attacks are really carried out.
This must-have book may shock you—and it will certainly educate you.Getting beyond the
script kiddie treatment found in many hacking books, you will learn about
Why software exploit will continue to be a serious problem
When network security mechanisms do not work
Attack patterns
Reverse engineering
Classic attacks against server software
Surprising attacks against client software
Techniques for crafting malicious input
The technical details of buffer overflows
Rootkits
Exploiting Software
is filled with the tools, concepts, and knowledge necessary to break
software.
Subversive Programs
A Simple Windows XP Kernel Rootkit
Call Hooking
Trojan Executable Redirection
Hiding Files and Directories
Patching Binary Code
The Hardware Virus
Low-Level Disk Access
Adding Network Support to a Driver
Interrupts
Key Logging
Advanced Rootkit Topics
Conclusion
References
Index
•
Table of Contents
•
Index
Exploiting Software How to Break Code
By
Greg Hoglund
,
Gary McGraw
Publisher
: Addison Wesley
Pub Date
: February 17, 2004
ISBN
: 0-201-78695-8
Pages
: 512
How does software break? How do attackers make software break on purpose? Why are
firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys?
What tools can be used to break software? This book provides the answers.
Exploiting Software
is loaded with examples of real attacks, attack patterns, tools, and
techniques used by bad guys to break software. If you want to protect your software from
attack, you must first learn how real attacks are really carried out.
This must-have book may shock you—and it will certainly educate you.Getting beyond the
script kiddie treatment found in many hacking books, you will learn about
Why software exploit will continue to be a serious problem
When network security mechanisms do not work
Attack patterns
Reverse engineering
Classic attacks against server software
Surprising attacks against client software
Techniques for crafting malicious input
The technical details of buffer overflows
Rootkits
Exploiting Software
is filled with the tools, concepts, and knowledge necessary to break
software.
Copyright
Many of the designations used by manufacturers and sellers to distinguish their products are
claimed as trademarks. Where those designations appear in this book, and Addison-Wesley
was aware of a trademark claim, the designations have been printed in initial capital letters
or in all capitals.
The authors and publisher have taken care in the preparation of this book, but make no
expressed or implied warranty of any kind and assume no responsibility for errors or
omissions. No liability is assumed for incidental or consequential damages in connection with
or arising out of the use of the information or programs contained herein.
The publisher offers discounts on this book when ordered in quantity for bulk purchases and
special sales. For more information, please contact:
U.S. Corporate and Government Sales
(800) 382-3419
corpsales@pearsontechgroup.com
For sales outside of the U.S., please contact:
International Sales
(317) 581-3793
international@pearsontechgroup.com
Visit Addison-Wesley on the Web:
www.awprofessional.com
Library of Congress Cataloging-in-Publication Data
Hoglund, Greg.
Exploiting software : how to break code / Greg Hoglund, Gary McGraw.
p. cm.
ISBN 0-201-78695-8 (pbk. : alk. paper)
1. Computer security. 2. Computer software—Testing. 3. Computer hackers.
I. McGraw, Gary, 1966– II. Title.
QA76.9.A25H635 2004
005.8—dc22 2003025556
Copyright © 2004 by Pearson Education, Inc.
All rights reserved. No part of this publication may be reproduced, stored in a retrieval
system, or transmitted, in any form or by any means, electronic, mechanical, photocopying,
recording, or otherwise, without the prior consent of the publisher. Printed in the United
States of America. Published simultaneously in Canada.
Dr. McGraw's work is partially supported by DARPA contract no. F30602-99-C-0172 (
An
Investigation of Extensible System Security for Highly Resource-Constrained Wireless Devices
)
and AFRL Wright-Patterson grant no. F33615-02-C-1295 (
Protection Against Reverse
Engineering: State of the Art in Disassembly and Decompilation
). The views and conclusions
contained in this book are those of the authors and should not be interpreted as representing
the official policies, either expressed or implied, of DARPA, the US Air Force, or the US
government.
For information on obtaining permission for use of material from this work, please submit a
written request to:
Pearson Education, Inc.
Rights and Contracts Department
•
Table of Contents
•
Index
Exploiting Software How to Break Code
By
Greg Hoglund
,
Gary McGraw
Publisher
: Addison Wesley
Pub Date
: February 17, 2004
ISBN
: 0-201-78695-8
Pages
: 512
How does software break? How do attackers make software break on purpose? Why are
firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys?
What tools can be used to break software? This book provides the answers.
Exploiting Software
is loaded with examples of real attacks, attack patterns, tools, and
techniques used by bad guys to break software. If you want to protect your software from
attack, you must first learn how real attacks are really carried out.
This must-have book may shock you—and it will certainly educate you.Getting beyond the
script kiddie treatment found in many hacking books, you will learn about
Why software exploit will continue to be a serious problem
When network security mechanisms do not work
Attack patterns
Reverse engineering
Classic attacks against server software
Surprising attacks against client software
Techniques for crafting malicious input
The technical details of buffer overflows
Rootkits
Exploiting Software
is filled with the tools, concepts, and knowledge necessary to break
software.
75 Arlington Street, Suite 300
Boston, MA 02116
Fax: (617) 848-7047
Text printed on recycled paper
1 2 3 4 5 6 7 8 9 10—CRS—0807060504
First printing, February 2004
Dedication
In memory of Nancy Simone McGraw (1939–2003).
Bye, Mom.
•
Table of Contents
•
Index
Exploiting Software How to Break Code
By
Greg Hoglund
,
Gary McGraw
Publisher
: Addison Wesley
Pub Date
: February 17, 2004
ISBN
: 0-201-78695-8
Pages
: 512
How does software break? How do attackers make software break on purpose? Why are
firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys?
What tools can be used to break software? This book provides the answers.
Exploiting Software
is loaded with examples of real attacks, attack patterns, tools, and
techniques used by bad guys to break software. If you want to protect your software from
attack, you must first learn how real attacks are really carried out.
This must-have book may shock you—and it will certainly educate you.Getting beyond the
script kiddie treatment found in many hacking books, you will learn about
Why software exploit will continue to be a serious problem
When network security mechanisms do not work
Attack patterns
Reverse engineering
Classic attacks against server software
Surprising attacks against client software
Techniques for crafting malicious input
The technical details of buffer overflows
Rootkits
Exploiting Software
is filled with the tools, concepts, and knowledge necessary to break
software.
Praise for
Exploiting Software
"
Exploiting Software
highlights the most critical part of the software quality problem. As
it turns out, software quality problems are a major contributing factor to computer
security problems. Increasingly, companies large and small depend on software to run
their businesses every day. The current approach to software quality and security taken
by software companies, system integrators, and internal development organizations is
like driving a car on a rainy day with worn-out tires and no air bags. In both cases, the
odds are that something bad is going to happen, and there is no protection for the
occupant/owner.
This book will help the reader understand how to make software quality part of the
design—a key change from where we are today!"
—
Tony Scott Chief Technology Officer, IS&S General Motors Corporation
"It's about time someone wrote a book to teach the good guys what the bad guys
already know. As the computer security industry matures, books like
Exploiting Software
have a critical role to play."
—
Bruce Schneier Chief Technology Officer Counterpane Author of
Beyond Fear
and
Secrets and Lies
"
Exploiting Software
cuts to the heart of the computer security problem, showing why
broken software presents a clear and present danger. Getting past the 'worm of the day'
phenomenon requires that someone other than the bad guys understands how software
is attacked.
This book is a wake-up call for computer security."
—
Elinor Mills Abreu Reuters' correspondent
"Police investigators study how criminals think and act. Military strategists learn about
the enemy's tactics, as well as their weapons and personnel capabilities. Similarly,
information security professionals need to study their criminals and enemies, so we can
tell the difference between popguns and weapons of mass destruction. This book is a
significant advance in helping the 'white hats' understand how the 'black hats' operate.
Through extensive examples and 'attack patterns,' this book helps the reader
understand how attackers analyze software and use the results of the analysis to attack
systems. Hoglund and McGraw explain not only how hackers attack servers, but also
how malicious server operators can attack clients (and how each can protect themselves
from the other). An excellent book for practicing security engineers, and an ideal book
for an undergraduate class in software security."
—
Jeremy Epstein Director, Product Security & Performance webMethods, Inc.
"A provocative and revealing book from two leading security experts and world class
software exploiters,
Exploiting Software
enters the mind of the cleverest and wickedest
crackers and shows you how they think. It illustrates general principles for breaking
software, and provides you a whirlwind tour of techniques for finding and exploiting
software vulnerabilities, along with detailed examples from real software exploits.
Exploiting Software
is essential reading for anyone responsible for placing software in a
hostile environment—that is, everyone who writes or installs programs that run on the
Internet."
—
Dave Evans, Ph.D. Associate Professor of Computer Science University of Virginia
•
Table of Contents
•
Index
Exploiting Software How to Break Code
By
Greg Hoglund
,
Gary McGraw
Publisher
: Addison Wesley
Pub Date
: February 17, 2004
ISBN
: 0-201-78695-8
Pages
: 512
How does software break? How do attackers make software break on purpose? Why are
firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys?
What tools can be used to break software? This book provides the answers.
Exploiting Software
is loaded with examples of real attacks, attack patterns, tools, and
techniques used by bad guys to break software. If you want to protect your software from
attack, you must first learn how real attacks are really carried out.
This must-have book may shock you—and it will certainly educate you.Getting beyond the
script kiddie treatment found in many hacking books, you will learn about
Why software exploit will continue to be a serious problem
When network security mechanisms do not work
Attack patterns
Reverse engineering
Classic attacks against server software
Surprising attacks against client software
Techniques for crafting malicious input
The technical details of buffer overflows
Rootkits
Exploiting Software
is filled with the tools, concepts, and knowledge necessary to break
software.
"The root cause for most of today's Internet hacker exploits and malicious software
outbreaks are buggy software and faulty security software deployment. In
Exploiting
Software
, Greg Hoglund and Gary McGraw help us in an interesting and provocative
way to better defend ourselves against malicious hacker attacks on those software
loopholes.
The information in this book is an essential reference that needs to be understood,
digested, and aggressively addressed by IT and information security professionals
everywhere."
—
Ken Cutler, CISSP, CISA Vice President, Curriculum Development & Professional
Services, MIS Training Institute
"This book describes the threats to software in concrete, understandable, and
frightening detail. It also discusses how to find these problems before the bad folks do.
A valuable addition to every programmer's and security person's library!"
—
Matt Bishop, Ph.D. Professor of Computer Science University of California at Davis
Author of
Computer Security: Art and Science
"Whether we slept through software engineering classes or paid attention, those of us
who build things remain responsible for achieving meaningful and measurable
vulnerability reductions. If you can't afford to stop all software manufacturing to teach
your engineers how to build secure software from the ground up, you should at least
increase awareness in your organization by demanding that they read
Exploiting
Software
. This book clearly demonstrates what happens to broken software in the wild."
—
Ron Moritz, CISSP Senior Vice President, Chief Security Strategist Computer
Associates
"
Exploiting Software
is the most up-to-date technical treatment of software security I
have seen. If you worry about software and application vulnerability,
Exploiting
Software
is a must-read. This book gets at all the timely and important issues
surrounding software security in a technical, but still highly readable and engaging,
way.
Hoglund and McGraw have done an excellent job of picking out the major ideas in
software exploit and nicely organizing them to make sense of the software security
jungle."
—
George Cybenko, Ph.D. Dorothy and Walter Gramm Professor of Engineering,
Dartmouth Founding Editor-in-Chief,
IEEE Security and Privacy
"This is a seductive book. It starts with a simple story, telling about hacks and cracks. It
draws you in with anecdotes, but builds from there. In a few chapters you find yourself
deep in the intimate details of software security. It is the rare technical book that is a
readable and enjoyable primer but has the substance to remain on your shelf as a
reference. Wonderful stuff."
—
Craig Miller, Ph.D. Chief Technology Officer for North America Dimension Data
"It's hard to protect yourself if you don't know what you're up against. This book has the
details you need to know about how attackers find software holes and exploit
them—details that will help you secure your own systems."
—
Ed Felten, Ph.D. Professor of Computer Science Princeton University
•
Table of Contents
•
Index
Exploiting Software How to Break Code
By
Greg Hoglund
,
Gary McGraw
Publisher
: Addison Wesley
Pub Date
: February 17, 2004
ISBN
: 0-201-78695-8
Pages
: 512
How does software break? How do attackers make software break on purpose? Why are
firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys?
What tools can be used to break software? This book provides the answers.
Exploiting Software
is loaded with examples of real attacks, attack patterns, tools, and
techniques used by bad guys to break software. If you want to protect your software from
attack, you must first learn how real attacks are really carried out.
This must-have book may shock you—and it will certainly educate you.Getting beyond the
script kiddie treatment found in many hacking books, you will learn about
Why software exploit will continue to be a serious problem
When network security mechanisms do not work
Attack patterns
Reverse engineering
Classic attacks against server software
Surprising attacks against client software
Techniques for crafting malicious input
The technical details of buffer overflows
Rootkits
Exploiting Software
is filled with the tools, concepts, and knowledge necessary to break
software.
Attack Patterns
Attack Pattern: Make the Client Invisible
150
Attack Pattern: Target Programs That Write to Privileged OS Resources
152
Attack Pattern: Use a User-Supplied Configuration File to Run Commands That Elevate
Privilege
153
Attack Pattern: Make Use of Configuration File Search Paths
156
Attack Pattern: Direct Access to Executable Files
162
Attack Pattern: Embedding Scripts within Scripts
164
Attack Pattern: Leverage Executable Code in Nonexecutable Files
165
Attack Pattern: Argument Injection
169
Attack Pattern: Command Delimiters
172
Attack Pattern: Multiple Parsers and Double Escapes
173
Attack Pattern: User-Supplied Variable Passed to File System Calls
185
Attack Pattern: Postfix NULL Terminator
186
Attack Pattern: Postfix, Null Terminate, and Backslash
186
Attack Pattern: Relative Path Traversal
187
Attack Pattern: Client-Controlled Environment Variables
189
Attack Pattern: User-Supplied Global Variables (DEBUG=1, PHP Globals, and So Forth)
190
Attack Pattern: Session ID, Resource ID, and Blind Trust
192
Attack Pattern: Analog In-Band Switching Signals (aka "Blue Boxing")
205
Attack Pattern Fragment: Manipulating Terminal Devices
210
Attack Pattern: Simple Script Injection
214
Attack Pattern: Embedding Script in Nonscript Elements
215
Attack Pattern: XSS in HTTP Headers
216
Attack Pattern: HTTP Query Strings
216
Attack Pattern: User-Controlled Filename
217
Attack Pattern: Passing Local Filenames to Functions That Expect a URL
225
Attack Pattern: Meta-characters in E-mail Header
226
Attack Pattern: File System Function Injection, Content Based
229
Attack Pattern: Client-side Injection, Buffer Overflow
231
Attack Pattern: Cause Web Server Misclassification
263
•
Table of Contents
•
Index
Exploiting Software How to Break Code
By
Greg Hoglund
,
Gary McGraw
Publisher
: Addison Wesley
Pub Date
: February 17, 2004
ISBN
: 0-201-78695-8
Pages
: 512
How does software break? How do attackers make software break on purpose? Why are
firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys?
What tools can be used to break software? This book provides the answers.
Exploiting Software
is loaded with examples of real attacks, attack patterns, tools, and
techniques used by bad guys to break software. If you want to protect your software from
attack, you must first learn how real attacks are really carried out.
This must-have book may shock you—and it will certainly educate you.Getting beyond the
script kiddie treatment found in many hacking books, you will learn about
Why software exploit will continue to be a serious problem
When network security mechanisms do not work
Attack patterns
Reverse engineering
Classic attacks against server software
Surprising attacks against client software
Techniques for crafting malicious input
The technical details of buffer overflows
Rootkits
Exploiting Software
is filled with the tools, concepts, and knowledge necessary to break
software.
Attack Pattern: Alternate Encoding the Leading Ghost Characters
267
Attack Pattern: Using Slashes in Alternate Encoding
268
Attack Pattern: Using Escaped Slashes in Alternate Encoding
270
Attack Pattern: Unicode Encoding
271
Attack Pattern: UTF-8 Encoding
273
Attack Pattern: URL Encoding
273
Attack Pattern: Alternative IP Addresses
274
Attack Pattern: Slashes and URL Encoding Combined
274
Attack Pattern: Web Logs
275
Attack Pattern: Overflow Binary Resource File
293
Attack Pattern: Overflow Variables and Tags
294
Attack Pattern: Overflow Symbolic Links
294
Attack Pattern: MIME Conversion
295
Attack Pattern: HTTP Cookies
295
Attack Pattern: Filter Failure through Buffer Overflow
296
Attack Pattern: Buffer Overflow with Environment Variables
297
Attack Pattern: Buffer Overflow in an API Call
297
Attack Pattern: Buffer Overflow in Local Command-Line Utilities
297
Attack Pattern: Parameter Expansion
298
Attack Pattern: String Format Overflow in
syslog()
324
[...]... necessary to break software • Table of Contents • Index Exploiting Software How to Break Code ByGreg Hoglund, Gary McGraw Publisher: Addison Wesley Pub Date: February 17, 2004 ISBN: 0-2 0 1-7 869 5-8 Pages: 512 How does software break? How do attackers make software break on purpose? Why are firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys? What tools can be used to break. .. Index Exploiting Software How to Break Code ByGreg Hoglund, Gary McGraw Publisher: Addison Wesley Pub Date: February 17, 2004 ISBN: 0-2 0 1-7 869 5-8 Pages: 512 How does software break? How do attackers make software break on purpose? Why are firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys? What tools can be used to break software? This book provides the answers Exploiting. .. against software • Table of Contents • Index Exploiting Software How to Break Code ByGreg Hoglund, Gary McGraw Publisher: Addison Wesley Pub Date: February 17, 2004 ISBN: 0-2 0 1-7 869 5-8 Pages: 512 How does software break? How do attackers make software break on purpose? Why are firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys? What tools can be used to break software? ... professionals This book is aimed directly toward software security as opposed to network security As security professionals come to grips with the software security problem, they need to understand how software systems break How does software break? How do attackers make software break on purpose? Why are Solutions to each of the problems discussed in Exploiting Software can be found in Building firewalls,... Hackers Think Exploiting Software How to Break Code ByGreg "Give a, Gary McGraw Hoglund man a crack, and he'll be hungry again tomorrow, teach him how to crack, and he'll never be hungry again." Publisher: Addison Wesley —+ORC Pub Date: February 17, 2004 What ISBN: 0-2 0 1-7 869 5-8 do people that break software maliciously believe? How do they approach Pages: 512 the problem of exploiting software? What... damage intentionally and to steal valuable information In the final analysis, software defects lead directly to software exploit How does software break? How do attackers make software break on purpose? Why are firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys? What tools can be used to break software? This book provides the answers Exploiting Software is loaded... Rootkits Exploiting Software is filled with the tools, concepts, and knowledge necessary to break software What This Book Is About This book closely examines many real-world software exploits, explaining how and why they work, the attack patterns they are based on, and in some cases how they were discovered Along the way, this book also shows how to uncover new software vulnerabilities and how to • use... professionals 2004 Pub Date: February 17, interested in how to find new flaws in software This book should be of particular interest to security practitioners working to beef up their software security skills, ISBN: 0-2 0 1-7 869 5-8 including red teams and ethical hackers Pages: 512 Exploiting Software is about how to break code Our intention is to provide a realistic view of the technical issues faced... February 17, 2004 ISBN: 0-2 0 1-7 869 5-8 Perhaps this book will shock you No matter what, it will educate you Pages: 512 How does software break? How do attackers make software break on purpose? Why are firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys? What tools can be used to break software? This book provides the answers Exploiting Software is loaded with examples... secrets and How to Break Code Exploiting Software conjured up a shell for you Hacking the machine is almost always about exploiting software And more often than not, the machine is not even a standard ByGreg Hoglund, Gary McGraw computer.[1] Almost all modern systems share a common Achilles' heel in the form of software This book shows you how software breaks and teaches you how to exploit software Publisher: . Software
is filled with the tools, concepts, and knowledge necessary to break
software.
•
Table of Contents
•
Index
Exploiting Software How to Break. Software
is filled with the tools, concepts, and knowledge necessary to break
software.
•
Table of Contents
•
Index
Exploiting Software How to Break
Ngày đăng: 18/01/2014, 06:20
Xem thêm: Tài liệu Exploiting Software - How to Break Code pdf, Tài liệu Exploiting Software - How to Break Code pdf, Chapter 1. Software-The Root of the Problem, Chapter 3. Reverse Engineering and Program Understanding