Buffer Overflow Attacks: Detect, Exploit, Prevent [Illustrated] (Paperback)

~ James C. Foster (Author), (Author), Nish Bhalla (Author)
Key Phrases: byte character buffer, size local buffer, saved eip, Application Defense, Case Study, Code Dump (more...)

Editorial Reviews

Product Description

The SANS Institute maintains a list of the "Top 10 Software Vulnerabilities." At the current time, over half of these vulnerabilities are exploitable by Buffer Overflow attacks, making this class of attack one of the most common and most dangerous weapon used by malicious attackers. This is the first book specifically aimed at detecting, exploiting, and preventing the most common and dangerous attacks.

Buffer overflows make up one of the largest collections of vulnerabilities in existence; And a large percentage of possible remote exploits are of the overflow variety. Almost all of the most devastating computer attacks to hit the Internet in recent years including SQL Slammer, Blaster, and I Love You attacks. If executed properly, an overflow vulnerability will allow an attacker to run arbitrary code on the victim's machine with the equivalent rights of whichever process was overflowed. This is often used to provide a remote shell onto the victim machine, which can be used for further exploitation.

A buffer overflow is an unexpected behavior that exists in certain programming languages. This book provides specific, real code examples on exploiting buffer overflow attacks from a hacker's perspective and defending against these attacks for the software developer.

*Over half of the "SANS TOP 10 Software Vulnerabilities" are related to buffer overflows.

*None of the current-best selling software security books focus exclusively on buffer overflows.

*This book provides specific, real code examples on exploiting buffer overflow attacks from a hacker's perspective and defending against these attacks for the software developer.

Product Details

• Paperback: 512 pages
• Publisher: Syngress; 1 edition (March 7, 2005)
• Language: English
• ISBN-10: 1932266674
• ISBN-13: 978-1932266672
• Product Dimensions: 8.8 x 6 x 1.3 inches
• Shipping Weight: 1.5 pounds (View shipping rates and policies)
• Average Customer Review: 3.3 out of 5 stars  See all reviews (6 customer reviews)
• Amazon.com Sales Rank: #871,235 in Books (See Bestsellers in Books)

Customer Reviews

Most Helpful Customer Reviews

16 of 18 people found the following review helpful:

4.0 out of 5 stars practical advice, February 6, 2005

By	W Boudville (Terra, Sol 3) - See all my reviews (TOP 10 REVIEWER)    (REAL NAME)

Typically, a text on computing might give a cursory few pages (if even that!) on explaining what buffer overflow attacks are. This book takes a far more detailed look. It emphasises the writing of assembler. Which may put you, the interested reader, in a minority amongst programmers. Most of whom never write assembler.

The book teaches the writing and testing of shellcode. Very hands on. You learn to go back and forth between C source and its assembler equivalent, and how to use these when trying to induce stack overflows or attacking format strings, for example. Gritty and practical exposure. Analogous to working on a car engine. You have to get your hands dirty.

Most of the book's examples cover the Intel assembly language and the Microsoft operating systems. The book explains that this is certainly not because these are inherently riskier than alternatives. But a pragmatic reflection of Microsoft's and Intel's market dominance, which attracts attackers. For balance, examples are also shown of attacks against linux and HPUX.

9 of 10 people found the following review helpful:

2.0 out of 5 stars Proofread? Editorial and Technical reveiw?...., March 3, 2006

By	Hadi Nahari (Mountain View, CA USA) - See all my reviews

For a book dedicated to such an important topic, my experience with this book was at best disappointing. This goes both for the authors (as they are primarily responsible for the material), as well as the publisher (Syngress). One would doubt whether the book has gone through any meaningful editorial review process. The errata posted on Syngress' site (bad site-design with a great deal of broken URLs in the book's relevant-links page by the way, and one "has to" sign up to obtain the errata) are utterly incomplete. The book at the time of this writing lacks an accompanying website (no reference in the errata or in the book itself).

This is an unfortunate development that one certainly notices in the recent publications pertaining to security topic, perhaps as a result of the urge to push content out to satisfy the hot-market demands.

On the technical front, the choice for the topics seems to be reasonably covering most corners; however, throughout the book there's a focus on pre-SP2 release of Microsoft Windows XP; why? If one of the objectives of the authors was to educate the audience on the topics (by providing practical and working examples), wouldn't such choice defeat the purpose?

1 of 1 people found the following review helpful:

1.0 out of 5 stars Full of errors and inconsistencies, July 29, 2008

By	Byron Sonne (Canada) - See all my reviews (REAL NAME)

Does Syngress (the publisher) employ proof readers?

I doubt it. This book is so full of errors and inaccuracies that it becomes painful to read after a while. Especially the annotated examples, where the line numbers for the code listings often bear no relation to the line numbers listed in the accompanying analysis.

And then there's the confusion of ESP and EIP in several places throughout the book. For a collection of 'expert information' it comes off as a rather amateurish production. Makes you wonder... what else have they got wrong?

You'll notice this is very much the same as the review I've posted for "Sockets, Shellcode, Porting & Coding"... that is because it too is horrendous for errors.

This is 2 books from Syngress I've got that are very poor quality. What's going on guys?