Writing Security Tools and Exploits [Illustrated] [Paperback]

James C. Foster (Author), Vincent T. Liu (Author)

Book Description

Publication Date: March 11, 2006 | ISBN-10: 1597499978 | ISBN-13: 978-1597499972 | Edition: 1

Writing Security Tools and Exploits will be the foremost authority on vulnerability and security code and will serve as the premier educational reference for security professionals and software developers. The book will have over 600 pages of dedicated exploit, vulnerability, and tool code with corresponding instruction. Unlike other security and programming books that dedicate hundreds of pages to architecture and theory based flaws and exploits, this book will dive right into deep code analysis. Previously undisclosed security research in combination with superior programming techniques will be included in both the Local and Remote Code sections of the book.

The book will be accompanied with a companion Web site containing both commented and uncommented versions of the source code examples presented throughout the book. In addition to the book source code, the CD will also contain a copy of the author-developed Hacker Code Library v1.0. The Hacker Code Library will include multiple attack classes and functions that can be utilized to quickly create security programs and scripts. These classes and functions will simplify exploit and vulnerability tool development to an extent never before possible with publicly available software.

* Provides readers with working code to develop and modify the most common security tools including Nmap and Nessus
* Learn to reverse engineer and write exploits for various operating systems, databases, and applications
* Automate reporting and analysis of security log files

Editorial Reviews

About the Author

James C. Foster, Fellow, is the Deputy Director of Global Security Solution Development for Computer Sciences Corporation where he is responsible for the vision and development of physical, personnel, and data security solutions. Preceding CSC, Foster was the Director of Research and Development for Foundstone Inc. and was responsible for all aspects of product, consulting, and corporate R&D initiatives. Prior to joining Foundstone, Foster was an Executive Advisor and Research Scientist with Guardent Inc. and an adjunct author at Information Security Magazine, subsequent to working as Security Research Specialist for the Department of Defense. Foster is also a well published author with multiple commercial and educational papers; and has authored, contributed, or edited for major publications to include Snort 2.1 Intrusion Detection (Syngress, ISBN: 1-931836-04-3), Hacking Exposed, Fourth Edition, Anti-Hacker Toolkit, Second Edition, Advanced Intrusion Detection, Hacking the Code: ASP.NET Web Application Security (Syngress, ISBN: 1-932266-65-8), Anti-Spam Toolkit, Google Hacking for Penetration Techniques (Syngress, ISBN: 1-931836-36-1), and Sockets, Shellcode, Porting and Coding (Syngress ISBN: 1-597490-05-9).

Product Details

• Paperback: 650 pages
• Publisher: Syngress; 1 edition (March 11, 2006)
• Language: English
• ISBN-10: 1597499978
• ISBN-13: 978-1597499972
• Product Dimensions: 9.9 x 7 x 1.4 inches
• Shipping Weight: 2.4 pounds (View shipping rates and policies)
• Average Customer Review: 4.5 out of 5 stars  See all reviews (2 customer reviews)
• Amazon Best Sellers Rank: #921,387 in Books (See Top 100 in Books)

More About the Author

Vincent Liu, CISSP, is a Managing Partner at Stach & Liu, a security consulting firm providing IT security services to the Global 1000 and international financial institutions as well as U.S. and foreign governments.

Before founding Stach & Liu, Vincent led the Attack & Penetration and Reverse Engineering teams for the Global Security unit at Honeywell International. Prior to that, he was a consultant with the Ernst & Young Advanced Security Centers and an analyst at the National Security Agency.

Vincent is a sought after speaker and has presented his research at conferences including Black Hat, ToorCon, InfoSec World, SANS, and BlueHat. He has been published and quoted in CSO/CIO Magazine, ISSA Journal, and several other popular publications. He is a contributing author to DarkReading.com and SecurityWeek.com.

Vincent holds a Bachelor of Science and Engineering from the University of Pennsylvania with a major in Computer Science and Engineering and a minor in Psychology.

Customer Reviews

Most Helpful Customer Reviews

18 of 18 people found the following review helpful:

5.0 out of 5 stars Excellent Book, but disappointing. . ., December 28, 2005

By 

Marco De Vivo "Mr. TCP/IP" (Miami, Florida United States) - See all my reviews
(REAL NAME)   

Amazon Verified Purchase

This review is from: Writing Security Tools and Exploits (Paperback)

Would like just to tell how good this book is (and it is indeed), but I am very disappointed by the fact that no CD is actually included and the companion Web site doesn't seem to exist either. !!

The Editorial review claims:

"The book is accompanied with a companion Web site containing both commented and uncommented versions of the source code examples presented throughout the book. In addition to the book source code, the CD also contains a copy of the author-developed Hacker Code Library v1.0."

Well, sorrily, that's NOT true.

Perhaps this confusion is due to changes resulting from the merge of Syngress with ORA, but still not fair with buyers.

Otherwise, if you, like me, are a researcher (or just interested) in the "secure code" area, then buy the book in spite of all.

By far it is the very best book written about these issues. Best in the sense of most useful. Well designed organized, with in deep study of vulnerabilities and associated exploit codes. Shellcode is explained in a rich and fresh way and the Why, How and When of shellcode are explained under an integrated framework.

NASL and MSF are explained and used in detailed and useful examples, and IMHO, this book presents the most easy, clear and condensed explanation about the Race Conditions, Format Strings, and Buffer Overflows problems I ever read yet.

Warning: Not an entry level book. You need to be familiar with several software and hardware architecture concepts to obtain full benefits from it.

3 of 5 people found the following review helpful:

4.0 out of 5 stars Great Book Examines Security Exploitation, April 24, 2006

By 

Daniel McKinnon "Dan" (Tewksbury, MA USA) - See all my reviews
(VINE VOICE)   

This review is from: Writing Security Tools and Exploits (Paperback)

If you are an IT professional that needs to learn more about security exploitation and how people can get in and abuse your system, this is a great book for this purpose. Very technical book, not for beginners!!

If you work in IT and want to learn about how to keep the hackers out, this text is a worthwhile read for you

**** RECOMMENDED