2 of 4 people found the following review helpful
Better books are now available
This review is from: Buffer Overflow Attacks: Detect, Exploit, Prevent (Paperback)
I read "Buffer Overflow Attacks" as part of a collection of books on writing exploit code (reviewed separately). I have to give credit to the author team for writing one of the first books on this subject; Syngress published BOA in 2005, when the subject received less published coverage. However, better books are available now if you want to learn the sort of material found in BOA.
I'd like to offer a few reasons for a two star review. First, the book is published in a weird format -- 8.8 x 6 x 1.3 inches. I don't know why the publisher produced such a physically small but thick book. Second, this book suffers from too many authors addressing the same issues. BOA is disorganized and internally repetitive. There's no consistent style; some chapters prefer to show memory as a line of characters, others show hex dumps, while others show screen captures. Third, in many sections the writing style is too difficult to follow. Often code is listed for the reader, followed by page upon page of "Analysis." It's tough to match the explanation with the code. Furthermore, many of these Analysis sections have mistakes or look incomplete. Finally, the material itself isn't very compelling. For example, the "introduction to assembly" in chapter 2 is weak, and the book doesn't mention the differences between Intel and AT&T syntax until p 179!
One other point -- if you have the Syngress book Writing Security Tools and Exploits (WSTAE), you already have most of BOA. Ch 1 and Ch 2 appear to be the same in both books. Ch 3 in BOA is Ch 5 in WSTAE, 4 in BOA is 6 in WSTAE, 5 in BOA is 7 in WSTAE, and so on. Duplication of chapters was a problem for Syngress in the mid-2000s, unfortunately.
Thankfully, Syngress and others are publishing much better offensive security books now. I recommend checking for newer resources.
Initial post: Aug 5, 2011 6:33:48 PM PDT
Last edited by the author on Aug 5, 2011 6:37:19 PM PDT
R. Singh says:
I appreciate your reviews and most of my library selections are based on them. What specific books in this topic would you recommend? Thanks