Fr. 71.30

Exploiting Software: How to Break Code

English · Paperback / Softback

Description

Attack Patterns. Foreword. Preface. What This Book Is About. How to Use This Book. But Isn't This Too Dangerous? Acknowledgments.

1. Software-The Root of the Problem. A Brief History of Software. Bad Software Is Ubiquitous. The Trinity of Trouble. The Future of Software. What Is Software Security? Conclusion.

2. Attack Patterns. A Taxonomy. An Open-Systems View. Tour of an Exploit. Attack Patterns: Blueprints for Disaster. An Example Exploit: Microsoft's Broken C++ Compiler. Applying Attack Patterns. Attack Pattern Boxes. Conclusion.

3. Reverse Engineering and Program Understanding. Into the House of Logic. Should Reverse Engineering Be Illegal? Reverse Engineering Tools and Concepts. Methods of the Reverser. Writing Interactive Disassembler (IDA) Plugins. Decompiling and Disassembling Software. Decompilation in Practice: Reversing helpctr.exe. Automatic, Bulk Auditing for Vulnerabilities. Writing Your Own Cracking Tools. Building a Basic Code Coverage Tool. Conclusion.

4. Exploiting Server Software. The Trusted Input Problem. The Privilege Escalation Problem. Finding Injection Points. Input Path Tracing. Exploiting Trust through Configuration. Specific Techniques and Attacks for Server Software. Conclusion.

5. Exploiting Client Software. Client-side Programs as Attack Targets. In-band Signals. Cross-site Scripting (XSS). Client Scripts and Malicious Code. Content-Based Attacks. Backwash Attacks: Leveraging Client-side Buffer. Conclusion.

6. Crafting (Malicious) Input. The Defender's Dilemma. Intrusion Detection (Not). Partition Analysis. Tracing Code. Reversing Parser Code. Example: Reversing I-Planet Server 6.0 through the Front Door. Misclassification. Building "Equivalent" Requests. Audit Poisoning. Conclusion.

7. Buffer Overflow. Buffer Overflow 101. Injection Vectors: Input Rides Again. Buffer Overflows and Embedded Systems. Database Buffer Overflows. Buffer Overflows and Java?! Content-Based Buffer Overflow. Audit Truncation and Filters with Buffer Overflow. Causing Overflow and Environment Variables. The Multiple Operation Problem. Finding Potential Buffer Overflows. Stack Overflow. Arithmetic Errors in Memory Management. Format String Vulnerabilities. Heap Overflows. Buffer Overflows and C++. Payloads. Payloads on RISC Architectures. Multiplatform Payloads. Prolog/Epilog Code to Protect Functions. Conclusion.

8. Rootkits. Subversive Programs. A Simple Windows XP Kernel Rootkit. Call Hooking. Trojan Executable Redirection. Hiding Files and Directories. Patching Binary Code. The Hardware Virus. Low-Level Disk Access. Adding Network Support to a Driver. Interrupts. Key Logging. Advanced Rootkit Topics. Conclusion.

Product details

Authors Greg Hoglund, Gary McGraw, Gary R. McGraw
Publisher Addison-Wesley
 
Languages English
Product format Paperback / Softback
Released 11.03.2004
 
EAN 9780201786958
ISBN 978-0-201-78695-8
No. of pages 512
Series Addison-Wesley
Addison-Wesley Software Securi
Addison-Wesley
Subject Natural sciences, medicine, IT, technology > IT, data processing > Data communication, networks
