Exploiting Software: How to Break Code 1st Edition

4.5 out of 5 stars 39 ratings
ISBN-13: 978-0201786958
ISBN-10: 0201786958
Editorial Reviews

Amazon.com Review

Computing hardware would have no value without software; software tells hardware what to do. Software therefore must have special authority within computing systems. All computer security problems stem from that fact, and Exploiting Software: How to Break Code shows you how to design your software so it's as resistant as possible to attack. Sure, everything's phrased in offensive terms (as instructions for the attacker, that is), but this book has at least as much value in showing designers what sorts of attacks their software will face (the book could serve as a checklist for part of a pre-release testing regimen). Plus, the clever reverse-engineering strategies that Greg Hoglund and Gary McGraw teach will be useful in many legitimate software projects. Consider this a recipe book for mayhem, or a compendium of lessons learned by others. It depends on your situation.

PHP programmers will take issue with the authors' blanket assessment of their language ("PHP is a study in bad security"), much of which seems based on older versions of the language that had some risky default behaviors--but those programmers will also double-check their servers' register_globals settings. Users of insufficiently patched Microsoft and Oracle products will worry about the detailed attack instructions this book contains. Responsible programmers and administrators will appreciate what amounts to documentation of attackers' rootkits for various operating systems, and will raise their eyebrows at the techniques for writing malicious code to unused EEPROM chips in target systems. --David Wall

Topics covered: How to make software fail, either by doing something it wasn't designed to do, or by denying its use to its rightful users. Techniques--including reverse engineering, buffer overflow, and particularly provision of unexpected input--are covered along with the tools needed to carry them out. A section on hardware viruses is detailed and frightening.

From the Back Cover

Praise for Exploiting Software

“Exploiting Software highlights the most critical part of the software quality problem. As it turns out, software quality problems are a major contributing factor to computer security problems. Increasingly, companies large and small depend on software to run their businesses every day. The current approach to software quality and security taken by software companies, system integrators, and internal development organizations is like driving a car on a rainy day with worn-out tires and no air bags. In both cases, the odds are that something bad is going to happen, and there is no protection for the occupant/owner. This book will help the reader understand how to make software quality part of the design―a key change from where we are today!”

         ― Tony Scott
             Chief Technology Officer, IS&S
             General Motors Corporation

“It’s about time someone wrote a book to teach the good guys what the bad guys already know. As the computer security industry matures, books like Exploiting Software have a critical role to play.”

         ― Bruce Schneier
             Chief Technology Officer
             Counterpane
             Author of Beyond Fear and Secrets and Lies

“Exploiting Software cuts to the heart of the computer security problem, showing why broken software presents a clear and present danger. Getting past the ‘worm of the day’ phenomenon requires that someone other than the bad guys understands how software is attacked. This book is a wake-up call for computer security.”

         ― Elinor Mills Abreu
             Reuters’ correspondent

“Police investigators study how criminals think and act. Military strategists learn about the enemy’s tactics, as well as their weapons and personnel capabilities. Similarly, information security professionals need to study their criminals and enemies, so we can tell the difference between popguns and weapons of mass destruction. This book is a significant advance in helping the ‘white hats’ understand how the ‘black hats’ operate. Through extensive examples and ‘attack patterns,’ this book helps the reader understand how attackers analyze software and use the results of the analysis to attack systems. Hoglund and McGraw explain not only how hackers attack servers, but also how malicious server operators can attack clients (and how each can protect themselves from the other). An excellent book for practicing security engineers, and an ideal book for an undergraduate class in software security.”

         ― Jeremy Epstein
             Director, Product Security & Performance
             webMethods, Inc.

“A provocative and revealing book from two leading security experts and world class software exploiters, Exploiting Software enters the mind of the cleverest and wickedest crackers and shows you how they think. It illustrates general principles for breaking software, and provides you a whirlwind tour of techniques for finding and exploiting soft


Product details

  • Publisher: Addison-Wesley Professional; 1st edition (February 17, 2004)
  • Language: English
  • Paperback: 512 pages
  • ISBN-10: 0201786958
  • ISBN-13: 978-0201786958
  • Item Weight: 1.95 pounds
  • Dimensions: 9.26 x 7.1 x 1.24 inches

Top reviews from other countries

lv
5.0 out of 5 stars Excellent book
Reviewed in Italy on September 12, 2013