Customer Reviews

Buffer Overflow Attacks: Detect, Exploit, Prevent

5 star:		(1)
4 star:		(3)
3 star:		(0)
2 star:		(2)
1 star:		(1)

 

 

Typically, a text on computing might give a cursory few pages (if even that!) on explaining what buffer overflow attacks are. This book takes a far more detailed look. It emphasises the writing of assembler. Which may put you, the interested reader, in a minority amongst programmers. Most of whom never write assembler.

The book teaches the writing and testing of shellcode. Very hands on. You learn to go back and forth between C source and its assembler equivalent, and how to use these when trying to induce stack overflows or attacking format strings, for example. Gritty and practical exposure. Analogous to working on a car engine. You have to get your hands dirty.

Most of the book's examples cover the Intel assembly language and the Microsoft operating systems. The book explains that this is certainly not because these are inherently riskier than alternatives. But a pragmatic reflection of Microsoft's and Intel's market dominance, which attracts attackers. For balance, examples are also shown of attacks against linux and HPUX.

For a book dedicated to such an important topic, my experience with this book was at best disappointing. This goes both for the authors (as they are primarily responsible for the material), as well as the publisher (Syngress). One would doubt whether the book has gone through any meaningful editorial review process. The errata posted on Syngress' site (bad site-design with a great deal of broken URLs in the book's relevant-links page by the way, and one "has to" sign up to obtain the errata) are utterly incomplete. The book at the time of this writing lacks an accompanying website (no reference in the errata or in the book itself).

This is an unfortunate development that one certainly notices in the recent publications pertaining to security topic, perhaps as a result of the urge to push content out to satisfy the hot-market demands.

On the technical front, the choice for the topics seems to be reasonably covering most corners; however, throughout the book there's a focus on pre-SP2 release of Microsoft Windows XP; why? If one of the objectives of the authors was to educate the audience on the topics (by providing practical and working examples), wouldn't such choice defeat the purpose?

Does Syngress (the publisher) employ proof readers?

I doubt it. This book is so full of errors and inaccuracies that it becomes painful to read after a while. Especially the annotated examples, where the line numbers for the code listings often bear no relation to the line numbers listed in the accompanying analysis.

And then there's the confusion of ESP and EIP in several places throughout the book. For a collection of 'expert information' it comes off as a rather amateurish production. Makes you wonder... what else have they got wrong?

You'll notice this is very much the same as the review I've posted for "Sockets, Shellcode, Porting & Coding"... that is because it too is horrendous for errors.

This is 2 books from Syngress I've got that are very poor quality. What's going on guys?

This is a great book to start understanding buffer overflows with. You do need some fimiliarity with assembly or you are not going to understand the code that is through out this book, almost every other page.

This gives step by step examples in reading, creating and disassembling shellcode and buffer overflows. I'v read some of the other reviews which suggest their was not much proof reading done it seems like it. I myself found many spelling erros but technical wise I have yet to see any. Maybe my second read I will find some.

I read "Buffer Overflow Attacks" as part of a collection of books on writing exploit code (reviewed separately). I have to give credit to the author team for writing one of the first books on this subject; Syngress published BOA in 2005, when the subject received less published coverage. However, better books are available now if you want to learn the sort of material found in BOA.

I'd like to offer a few reasons for a two star review. First, the book is published in a weird format -- 8.8 x 6 x 1.3 inches. I don't know why the publisher produced such a physically small but thick book. Second, this book suffers from too many authors addressing the same issues. BOA is disorganized and internally repetitive. There's no consistent style; some chapters prefer to show memory as a line of characters, others show hex dumps, while others show screen captures. Third, in many sections the writing style is too difficult to follow. Often code is listed for the reader, followed by page upon page of "Analysis." It's tough to match the explanation with the code. Furthermore, many of these Analysis sections have mistakes or look incomplete. Finally, the material itself isn't very compelling. For example, the "introduction to assembly" in chapter 2 is weak, and the book doesn't mention the differences between Intel and AT&T syntax until p 179!

One other point -- if you have the Syngress book Writing Security Tools and Exploits (WSTAE), you already have most of BOA. Ch 1 and Ch 2 appears to be the same in both books. Ch 3 in BOA is Ch 5 in WSTAE, 4 in BOA is 6 in WSTAE, 5 in BOA is 7 in WSTAE, and so on. Duplication of chapters was a problem for Syngress in the mid-2000s, unfortunately.

Thankfully, Syngress and others are publishing much better offensive security books now. I recommend checking for newer resources.

This book upset me. Not really the book itself, that's great, but what it implies: that this type of exploit hasn't gone away. I thought things were getting better, but the author explains that is an illusion: it's just that the reporting slacked off.

It is hard to believe that programmers keep making the same mistakes over and over again. This book shows what those mistakes are and how hackers exploit them. You need a good understanding of assembly language to get much out of this, but if you do have that background, this is a real eye-opener.

Extremely detailed, and some of this is a bit of a reach for me (it's been many a year since I did any C or Assembler), but it is fascinating, though in the same sense that watching a tiger stalk you would be: it's scary.

Certainly recommended for people who are writing code today, and I hope more of them pay attention, though the authors attitude seems to be that these problems will continue to plague us.

Buffer overflow attacks have been around for over 30 years, finally there is a book on the topic.

this is a valuable title and worth the wait!