How does software break? How do attackers make software break on purpose? Why are firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys? What tools can be used to break software? This book provides the answers. Exploiting Software is loaded with examples of real attacks, attack patterns, tools, and techniques used by bad guys to break software. If you want to protect your software from attack, you must first learn how real attacks are really carried out. This must-have book may shock you--and it will certainly educate you.Getting beyond the script kiddie treatment found in many hacking books, you will learn about Why software exploit will continue to be a serious problem, When network security mechanisms do not work, Attack patterns, Reverse engineering, Classic attacks against server software, Surprising attacks against client software, Techniques for crafting malicious input, The technical details of buffer overflows, Rootkits, Exploiting Software is filled with the tools, concepts, and knowledge necessary to break software.
Review By: Mike Andrews 12/11/2005Security is increasingly becoming a serious concern for most types of software, but unfortunately it is still considered a black art by many. The overall goal of "Exploiting Software" by Greg Hoglund and Gary McGraw is to show how software breaks and compromises security, and how the bad guys go about forcing it to happen.
"Exploiting Software" starts with an introduction to the history of bad software and some of the big myths of security. Personally I find that a lot of this initial material is overly alarmist, but it does help drive the point home. The text contains a wealth of detail and examples.
This book is not for the faint-hearted casual tester. It focuses a great deal of effort upon the underlying low-level details of particular attacks. One must commend the authors for taking this approach, as it will undoubtedly turn some readers off. However, understanding the mechanisms of attacks is important, to know how it relates to your own software’s context, the various ways to test for an exploit, and how to protect against attack. This is unfortunately where the book is a let down; despite the first-class discussion of attacks themselves, the authors often follow one specific example of what to look for and avoid mentioning ways in which an attack can be fixed or mitigated.
For anyone interested in software security this is a "must have" book. Its content and various low-level attacks may not appeal to many, and it certainly isn't a "how to" book, but it will provide the ground knowledge of how the real bad-guys can attack your software.
Hoglund and McGraw identify and discuss many of the common attacks in varying degrees of detail. For example, an entire chapter is dedicated to buffer overflows. There's also a well-written portion devoted to reverse engineering tools and techniques. It is interesting to see how hackers obtain a working knowledge of code to which they don't have access. Reverse engineering requires a lot of skill. However this technique uncovers vulnerable places in high-level source code that may not be immediately obvious. For other attacks against software, there are a short "attack patterns" that describe the basics of potential security flaws. These are the gems of this book.
Overall a lot of information is encapsulated here and it is easy to read despite its technical content. It is a good resource for delving into the deeper parts of security testing.
"Exploiting Software" may not be for the average tester interested in security. However, understanding the potential of attacks on software makes this book a must-have.