Search inside another edition of this book

Buffer Overflow Attacks: Detect, Exploit, Prevent [Download: PDF] [Digital]

Jason Deckard (Author)

3.1 out of 5 stars See all reviews (7 customer reviews) |

Price:	$34.95
Deal Price:
	o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o

Available for download now.
Ships from and sold by Amazon.com.

Edition: e-document (Learn more)

Also Available in:	List Price:	Our Price:
Kindle Edition (Kindle eBook)		$23.57

Customers Who Viewed This Item Also Viewed

Sockets, Shellcode, Porting, and Coding: Revers... by James C Foster
3.6 out of 5 stars (7)

$34.87
Writing Security Tools and Exploits by James C. Foster
4.5 out of 5 stars (2)

$41.56
Cyber Spying Tracking Your Family's (Sometimes) S... by Ted Fair
4.3 out of 5 stars (15)

$30.97
Value-Range Analysis of C Programs: Towards Proving... by Axel Simon

$102.77
Programmer's Ultimate Security DeskRef: You... by James C Foster
1.8 out of 5 stars (4)

$40.62
Kindle Touch, Wi-Fi, 6" E Ink Display - includes Specia... by Amazon
3.9 out of 5 stars (3,194)

$99.00

Product Details

Do you have the free reader for this item?

Format: Adobe Reader (PDF)
Printable: Yes. This title is printable
Mac OS Compatible: OS 9.x or later
Windows Compatible: Yes
Handheld Compatible: Yes. Adobe Reader is available for PalmOS, Pocket PC, and Symbian OS.
Digital: 304 pages
Publisher: Syngress (February 21, 2005)

Average Customer Review: 3.1 out of 5 stars See all reviews (7 customer reviews)

Amazon Best Sellers Rank: #3,913,176 Paid in Books (See Top 100 Paid in Books)
- #26 in Books > e-Docs > By Publisher > Syngress
- #37 in Books > e-Docs > Subjects > Computers & Internet > Security
Required Free Software: Adobe Reader

Front Cover | Table of Contents | First Pages | Index | Surprise Me!

Inside This Book (learn more)
Browse and search another edition of this book.

Key Phrases - Statistically Improbable Phrases (SIPs): (learn more)
byte character buffer, size local buffer, saved eip, fake chunk, null byte problem, resizing strings, push byte, char shellcode, using strncpy, accept system call, writing shellcode, execve system call, shellcode examples, calling printf, jmp esp, xor ecx, push eax, mov byte ptr, push edx, format string specifiers, xor ebx, string vulnerabilities, system call arguments, call eax, format string bugs

Key Phrases - Capitalized Phrases (CAPs): (learn more)
Application Defense, Case Study, Code Dump, Frequently Asked Questions, Secure Software, References Overview, Doug Lea, Audit Workbench, Microsoft Windows, Source Code Analyzer, Ask the Author, Analysis First, Prexis Security Knowledgebase, Red Hat, Function Description, Julian Seward, Last Stage of Delirium, Assessment List, Deny All Access, Overview of Exploit, Physical Source Lines of Code, Rational Purify, Server Host, Service Pack, Sun Microsystems

New!
Books on Related Topics | Concordance | Text Stats

Browse Sample Pages:
Front Cover | Table of Contents | First Pages | Index | Surprise Me!

Citations (learn more)

1 book cites this book:

Computer Security by Dieter Gollmann in Back Matter

Books on Related Topics (learn more)

Hacking Exposed 5th Edition by Stuart McClure

Discusses:

Reversing by Eldad Eilam

Discusses:

The Shellcoder's Handbook by Jack Koziol

Discusses:

The Database Hacker's Handbook by David Litchfield

Discusses:

Suggested Tags from Similar Products

(What's this?)

Be the first one to add a relevant tag (keyword that's strongly related to this product).

kindle(61)

e-reader(39)

e-ink(27)

electronic book(22)

hacking(7)

computer security(5)

buffer overflow(2)

programming books(2)

rootkit(2)

security(8)

Customer Reviews

7 Reviews

5 star:		(1)
4 star:		(3)
3 star:		(0)
2 star:		(2)
1 star:		(1)

Average Customer Review

3.1 out of 5 stars (7 customer reviews)

Share your thoughts with other customers:

Create your own review

Most Helpful Customer Reviews

16 of 19 people found the following review helpful:

4.0 out of 5 stars practical advice, February 6, 2005

W Boudville (Terra, Sol 3) - See all my reviews
(VINE VOICE) (TOP 1000 REVIEWER) (HALL OF FAME REVIEWER) (REAL NAME)

This review is from: Buffer Overflow Attacks: Detect, Exploit, Prevent (Paperback)

Typically, a text on computing might give a cursory few pages (if even that!) on explaining what buffer overflow attacks are. This book takes a far more detailed look. It emphasises the writing of assembler. Which may put you, the interested reader, in a minority amongst programmers. Most of whom never write assembler.

The book teaches the writing and testing of shellcode. Very hands on. You learn to go back and forth between C source and its assembler equivalent, and how to use these when trying to induce stack overflows or attacking format strings, for example. Gritty and practical exposure. Analogous to working on a car engine. You have to get your hands dirty.

Most of the book's examples cover the Intel assembly language and the Microsoft operating systems. The book explains that this is certainly not because these are inherently riskier than alternatives. But a pragmatic reflection of Microsoft's and Intel's market dominance, which attracts attackers. For balance, examples are also shown of attacks against linux and HPUX.

Help other customers find the most helpful reviews

Was this review helpful to you? Yes No

Report abuse | Permalink

Comment Comment

9 of 10 people found the following review helpful:

2.0 out of 5 stars Proofread? Editorial and Technical reveiw?...., March 3, 2006

Hadi Nahari (Mountain View, CA USA) - See all my reviews

This review is from: Buffer Overflow Attacks: Detect, Exploit, Prevent (Paperback)

For a book dedicated to such an important topic, my experience with this book was at best disappointing. This goes both for the authors (as they are primarily responsible for the material), as well as the publisher (Syngress). One would doubt whether the book has gone through any meaningful editorial review process. The errata posted on Syngress' site (bad site-design with a great deal of broken URLs in the book's relevant-links page by the way, and one "has to" sign up to obtain the errata) are utterly incomplete. The book at the time of this writing lacks an accompanying website (no reference in the errata or in the book itself).

This is an unfortunate development that one certainly notices in the recent publications pertaining to security topic, perhaps as a result of the urge to push content out to satisfy the hot-market demands.

On the technical front, the choice for the topics seems to be reasonably covering most corners; however, throughout the book there's a focus on pre-SP2 release of Microsoft Windows XP; why? If one of the objectives of the authors was to educate the audience on the topics (by providing practical and working examples), wouldn't such choice defeat the purpose?

Help other customers find the most helpful reviews

Was this review helpful to you? Yes No

Report abuse | Permalink

Comment Comment

3 of 3 people found the following review helpful:

1.0 out of 5 stars Full of errors and inconsistencies, July 29, 2008

Byron Sonne (Canada) - See all my reviews
(REAL NAME)

This review is from: Buffer Overflow Attacks: Detect, Exploit, Prevent (Paperback)

Does Syngress (the publisher) employ proof readers?

I doubt it. This book is so full of errors and inaccuracies that it becomes painful to read after a while. Especially the annotated examples, where the line numbers for the code listings often bear no relation to the line numbers listed in the accompanying analysis.

And then there's the confusion of ESP and EIP in several places throughout the book. For a collection of 'expert information' it comes off as a rather amateurish production. Makes you wonder... what else have they got wrong?

You'll notice this is very much the same as the review I've posted for "Sockets, Shellcode, Porting & Coding"... that is because it too is horrendous for errors.

This is 2 books from Syngress I've got that are very poor quality. What's going on guys?

Help other customers find the most helpful reviews

Was this review helpful to you? Yes No

Report abuse | Permalink

Comment Comment

Share your thoughts with other customers: Create your own review

› See all 7 customer reviews...

Most Recent Customer Reviews

2.0 out of 5 stars Better books are now available
I read "Buffer Overflow Attacks" as part of a collection of books on writing exploit code (reviewed separately). Read more

Published 6 months ago by Richard Bejtlich

4.0 out of 5 stars Great book to start with.
This is a great book to start understanding buffer overflows with. You do need some fimiliarity with assembly or you are not going to understand the code that is through out this... Read more

Published on September 14, 2006 by C. G. Dimopoulos

5.0 out of 5 stars Finally a book on BO attacks
Buffer overflow attacks have been around for over 30 years, finally there is a book on the topic.

this is a valuable title and worth the wait!

Published on March 30, 2005 by Eric Kent

4.0 out of 5 stars Disturbing
This book upset me. Not really the book itself, that's great, but what it implies: that this type of exploit hasn't gone away. Read more

Published on February 26, 2005 by Anthony Lawrence

› See all 7 customer reviews...

.jsOffDisplayBlock { display: block; } .jsOffDisplayInline { display: inline; } .jsOffVisibility { visibility: visible; } .jsOnDisplayBlock { display: none; } .jsOnDisplayNoneBlock { display: block; } .jsOnDisplayNoneInline { display: inline; } .jsOnDisplayInline { display: none; } .jsOnVisibility { visibility: hidden; } .jqOnDisplayBlock { display: none; } .jqOnDisplayInline { display: none; } .jqOnVisibility { visibility: hidden; } .jqOnDisplayNoneBlock { display: block; } .jqOnDisplayNoneInline { display: inline; }