Exploiting Software: How to Break Code

Paperback (Print)
Buy Used
Buy Used from BN.com
$38.23
(Save 41%)
Item is in good condition but packaging may have signs of shelf wear/aging or torn packaging.
Condition: Used – Good details
Used and New from Other Sellers
Used and New from Other Sellers
from $1.99
Usually ships in 1-2 business days
(Save 96%)
Other sellers (Paperback)
  • All (24) from $1.99   
  • New (8) from $41.26   
  • Used (16) from $1.99   

Overview

Praise for Exploiting Software

Exploiting Software highlights the most critical part of the software quality problem. As it turns out, software quality problems are a major contributing factor to computer security problems. Increasingly, companies large and small depend on software to run their businesses every day. The current approach to software quality and security taken by software companies, system integrators, and internal development organizations is like driving a car on a rainy day with worn-out tires and no air bags. In both cases, the odds are that something bad is going to happen, and there is no protection for the occupant/owner. This book will help the reader understand how to make software quality part of the design—a key change from where we are today!”

         —Tony Scott
             Chief Technology Officer, IS&S
             General Motors Corporation

“It’s about time someone wrote a book to teach the good guys what the bad guys already know. As the computer security industry matures, books like Exploiting Software have a critical role to play.”

         —Bruce Schneier
             Chief Technology Officer
             Counterpane
             Author of Beyond Fear and Secrets and Lies

Exploiting Software cuts to the heart of the computer security problem, showing why broken software presents a clear and present danger. Getting past the ‘worm of the day’ phenomenon requires that someone other than the bad guys understands how software is attacked. This book is a wake-up call for computer security.”

         —Elinor Mills Abreu
             Reuters’ correspondent

“Police investigators study how criminals think and act. Military strategists learn about the enemy’s tactics, as well as their weapons and personnel capabilities. Similarly, information security professionals need to study their criminals and enemies, so we can tell the difference between popguns and weapons of mass destruction. This book is a significant advance in helping the ‘white hats’ understand how the ‘black hats’ operate. Through extensive examples and ‘attack patterns,’ this book helps the reader understand how attackers analyze software and use the results of the analysis to attack systems. Hoglund and McGraw explain not only how hackers attack servers, but also how malicious server operators can attack clients (and how each can protect themselves from the other). An excellent book for practicing security engineers, and an ideal book for an undergraduate class in software security.”

         —Jeremy Epstein
             Director, Product Security & Performance
             webMethods, Inc.

“A provocative and revealing book from two leading security experts and world class software exploiters, Exploiting Software enters the mind of the cleverest and wickedest crackers and shows you how they think. It illustrates general principles for breaking software, and provides you a whirlwind tour of techniques for finding and exploiting software vulnerabilities, along with detailed examples from real software exploits. Exploiting Software is essential reading for anyone responsible for placing software in a hostile environment—that is, everyone who writes or installs programs that run on the Internet.”

         —Dave Evans, Ph.D.
             Associate Professor of Computer Science
             University of Virginia

“The root cause for most of today’s Internet hacker exploits and malicious software outbreaks are buggy software and faulty security software deployment. In Exploiting Software, Greg Hoglund and Gary McGraw help us in an interesting and provocative way to better defend ourselves against malicious hacker attacks on those software loopholes. The information in this book is an essential reference that needs to be understood, digested, and aggressively addressed by IT and information security professionals everywhere.”

         —Ken Cutler, CISSP, CISA
             Vice President, Curriculum Development & Professional Services,
             MIS Training Institute

“This book describes the threats to software in concrete, understandable, and frightening detail. It also discusses how to find these problems before the bad folks do. A valuable addition to every programmer’s and security person’s library!”

         —Matt Bishop, Ph.D.
             Professor of Computer Science
             University of California at Davis
             Author of Computer Security: Art and Science

“Whether we slept through software engineering classes or paid attention, those of us who build things remain responsible for achieving meaningful and measurable vulnerability reductions. If you can’t afford to stop all software manufacturing to teach your engineers how to build secure software from the ground up, you should at least increase awareness in your organization by demanding that they read Exploiting Software. This book clearly demonstrates what happens to broken software in the wild.”

         —Ron Moritz, CISSP
             Senior Vice President, Chief Security Strategist
             Computer Associates

Exploiting Software is the most up-to-date technical treatment of software security I have seen. If you worry about software and application vulnerability, Exploiting Software is a must-read. This book gets at all the timely and important issues surrounding software security in a technical, but still highly readable and engaging, way. Hoglund and McGraw have done an excellent job of picking out the major ideas in software exploit and nicely organizing them to make sense of the software security jungle.”

         —George Cybenko, Ph.D.
             Dorothy and Walter Gramm Professor of Engineering, Dartmouth
             Founding Editor-in-Chief, IEEE Security and Privacy

“This is a seductive book. It starts with a simple story, telling about hacks and cracks. It draws you in with anecdotes, but builds from there. In a few chapters you find yourself deep in the intimate details of software security. It is the rare technical book that is a readable and enjoyable primer but has the substance to remain on your shelf as a reference. Wonderful stuff.”

         —Craig Miller, Ph.D.
             Chief Technology Officer for North America
             Dimension Data

“It’s hard to protect yourself if you don’t know what you’re up against. This book has the details you need to know about how attackers find software holes and exploit them—details that will help you secure your own systems.”

         —Ed Felten, Ph.D.
             Professor of Computer Science
             Princeton University

“If you worry about software and application vulnerability, Exploiting Software is a must-read. This book gets at all the timely and important issues surrounding software security in a technical, but still highly readable and engaging way.”
         —George Cybenko, Ph.D.
             Dorothy and Walter Gramm Professor of Engineering, Dartmouth
             Founding Editor-in-Chief, IEEE Security and Privacy Magazine

Exploiting Software is the best treatment of any kind that I have seen on the topic of software vulnerabilities.”
         —From the Foreword by Aviel D. Rubin
             Associate Professor, Computer Science
             Technical Director, Information Security Institute, Johns Hopkins University

How does software break? How do attackers make software break on purpose? Why are firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys? What tools can be used to break software? This book provides the answers.

Exploiting Software is loaded with examples of real attacks, attack patterns, tools, and techniques used by bad guys to break software. If you want to protect your software from attack, you must first learn how real attacks are really carried out.

This must-have book may shock you--and it will certainly educate you.Getting beyond the script kiddie treatment found in many hacking books, you will learn about

  • Why software exploit will continue to be a serious problem
  • When network security mechanisms do not work
  • Attack patterns
  • Reverse engineering
  • Classic attacks against server software
  • Surprising attacks against client software
  • Techniques for crafting malicious input
  • The technical details of buffer overflows
  • Rootkits

Exploiting Software is filled with the tools, concepts, and knowledge necessary to break software.

Read More Show Less

Editorial Reviews

From Barnes & Noble
The Barnes & Noble Review
To protect your software, first understand why it’s vulnerable. Greg Hoglund and Gary McGraw have toured all of your software’s potential weaknesses -- and they’re worse than you think.

The authors systematically introduce “attack patterns”: today’s most common blueprints for exploiting vulnerabilities. You’ll take a detailed look at reverse engineering: what crackers are looking for, and how automation makes them even more dangerous.

Buffer overflows have rarely been considered in this depth before. You’ll also find excellent coverage of rootkits, malicious input, and attacks targeted specifically at clients or servers.

If you’re buying this book, you should know about McGraw’s Building Secure Software, a companion title focused solely on solutions. Whether you’re a developer, security pro, or ethical hacker, you need them both. Bill Camarda

Bill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2003 and Upgrading & Fixing Networks for Dummies, Second Edition.

Read More Show Less

Product Details

  • ISBN-13: 9780201786958
  • Publisher: Addison-Wesley
  • Publication date: 2/17/2004
  • Series: Addison-Wesley Software Security Series
  • Pages: 470
  • Sales rank: 721,130
  • Product dimensions: 6.94 (w) x 9.13 (h) x 1.19 (d)

Meet the Author

Greg Hoglund has been a pioneer in the area of software security. He is CEO of HBGary, Inc., a leading provider of software security verification services. After writing one of the first network vulnerability scanners (installed in over half of all Fortune 500 companies), he created and documented the first Windows NT-based rootkit, founding rootkit.com in the process. Greg is a frequent speaker at Black Hat, RSA, and other security conferences.

Gary McGraw, Cigital's CTO, is a leading authority on software security. Dr. McGraw is coauthor of the groundbreaking books Building Secure Software and Exploiting Software (both from Addison-Wesley). While consulting for major software producers and consumers, he has published over ninety peer-reviewed technical publications, and functions as principal investigator on grants from DARPA, the National Science Foundation, and NIST's Advanced Technology Program. He serves on the advisory boards of Authentica, Counterpane, and Fortify Software. He is also an advisor to the computer science departments at University of California, Davis, and the University of Virginia, as well as the School of Informatics at Indiana University.

Read More Show Less

Read an Excerpt

Software security is gaining momentum as security professionals realize that computer security is really all about making software behave. The publication of Building Secure Software in 2001 (Viega and McGraw) unleashed a number of related books that have crystallized software security as a critical field. Already, security professionals, software developers, and business leaders are resonating with the message and asking for more.

Building Secure Software (co-authored by McGraw) is intended for software professionals ranging from developers to managers, and is aimed at helping people develop more secure code. Exploiting Software is useful to the same target audience, but is really intended for security professionals interested in how to find new flaws in software. This book should be of particular interest to security practitioners working to beef up their software security skills, including red teams and ethical hackers.

Exploiting Software is about how to break code. Our intention is to provide a realistic view of the technical issues faced by security professionals. This book is aimed directly toward software security as opposed to network security. As security professionals come to grips with the software security problem, they need to understand how software systems break.

Solutions to each of the problems discussed in Exploiting Software can be found in Building Secure Software. The two books are mirror images of each other.

We believe that software security and application security practitioners are in for a reality check. The problem is that simple and popular approaches being hawked by upstart "application security" vendorsas solutions—such as canned black box testing tools—barely scratch the surface. This book aims to cut directly through the hype to the heart of the matter. We need to get real about what we're up against. This book describes exactly that.What This Book Is About

This book closely examines many real-world software exploits, explaining how and why they work, the attack patterns they are based on, and in some cases how they were discovered. Along the way, this book also shows how to uncover new software vulnerabilities and how to use them to break machines.

Chapter 1 describes why software is the root of the computer security problem. We introduce the trinity of trouble—complexity, extensibility, and connectivity—and describe why the software security problem is growing. We also describe the future of software and its implications for software exploit.

Chapter 2 describes the difference between implementation bugs and architectural flaws. We discuss the problem of securing an open system, and explain why risk management is the only sane approach. Two real-world exploits are introduced: one very simple and one technically complex. At the heart of Chapter 2 is a description of attack patterns. We show how attack patterns fit into the classic network security paradigm and describe the role that attack patterns play in the rest of the book.

The subject of Chapter 3 is reverse engineering. Attackers disassemble, decompile, and deconstruct programs to understand how they work and how they can be made not to. Chapter 3 describes common gray box analysis techniques, including the idea of using a security patch as an attack map. We discuss Interactive Disassembler (IDA), the state-of-the-art tool used by hackers to understand programs. We also discuss in detail how real cracking tools are built and used.

In Chapters 4, 5, 6, and 7, we discuss particular attack examples that provide instances of attack patterns. These examples are marked with an asterisk.

Chapters 4 and 5 cover the two ends of the client-server model. Chapter 4 begins where the book Hacking Exposed McClure et al., 1999 leaves off, discussing trusted input, privilege escalation, injection, path tracing, exploiting trust, and other attack techniques specific to server software. Chapter 5 is about attacking client software using in-band signals, cross-site scripting, and mobile code. The problem of backwash attacks is also introduced. Both chapters are studded with attack patterns and examples of real attacks.

Chapter 6 is about crafting malicious input. It goes far beyond standard-issue "fuzzing" to discuss partition analysis, tracing code, and reversing parser code. Special attention is paid to crafting equivalent requests using alternate encoding techniques. Once again, both real-world example exploits and the attack patterns that inspire them are highlighted throughout.

The whipping boy of software security, the dreaded buffer overflow, is the subject of Chapter 7. This chapter is a highly technical treatment of buffer overflow attacks that leverages the fact that other texts supply the basics. We discuss buffer overflows in embedded systems, database buffer overflows, buffer overflow as targeted against Java, and content-based buffer overflows. Chapter 7 also describes how to find potential buffer overflows of all kinds, including stack overflows, arithmetic errors, format string vulnerabilities, heap overflows, C++ vtables, and multistage trampolines. Payload architecture is covered in detail for a number of platforms, including x86, MIPS, SPARC, and PA-RISC. Advanced techniques such as active armor and the use of trampolines to defeat weak security mechanisms are also covered. Chapter 7 includes a large number of attack patterns.

Chapter 8 is about rootkits—the ultimate apex of software exploit. This is what it means for a machine to be "owned." Chapter 8 centers around code for a real Windows XP rootkit. We cover call hooking, executable redirection, hiding files and processes, network support, and patching binary code. Hardware issues are also discussed in detail, including techniques used in the wild to hide rootkits in EEPROM. A number of advanced rootkit topics top off Chapter 8.

As you can see, Exploiting Software runs the gamut of software risk, from malicious input to stealthy rootkits. Using attack patterns, real code, and example exploits, we clearly demonstrate the techniques that are used every day by real malicious hackers against software.How to Use This Book

This book is useful to many different kinds of people: network administrators, security consultants, information warriors, developers, and security programmers.


  • If you are responsible for a network full of running software, you should read this book to learn the kinds of weaknesses that exist in your system and how they are likely to manifest.
  • If you are a security consultant, you should read this book so you can effectively locate, understand, and measure security holes in customer systems.
  • If you are involved in offensive information warfare, you should use this book to learn how to penetrate enemy systems through software.
  • If you create software for a living, you should read this book to understand how attackers will approach your creation. Today, all developers should be security minded. The knowledge here will arm you with a real understanding of the software security problem.
  • If you are a security programmer who knows your way around code, you will love this book.

The primary audience for this book is the security programmer, but there are important lessons here for all computer professionals.But Isn't This Too Dangerous?

It's important to emphasize that none of the information we discuss here is news to the hacker community. Some of these techniques are as old as the hills. Our real objective is to provide some eye-opening information and up the level of discourse in software security.

Some security experts may worry that revealing the techniques described in this book will encourage more people to try them out. Perhaps this is true, but hackers have always had better lines of communication and information sharing than the good guys. This information needs to be understood and digested by security professionals so that they know the magnitude of the problem and they can begin to address it properly. Shall we grab the bull by the horns or put our head in the sand?

Perhaps this book will shock you. No matter what, it will educate you.

Read More Show Less

Table of Contents

Attack Patterns.

Foreword.

Preface.

What This Book Is About.

How to Use This Book.

But Isn't This Too Dangerous?

Acknowledgments.

1. Software—The Root of the Problem.

A Brief History of Software.

Bad Software Is Ubiquitous.

The Trinity of Trouble.

The Future of Software.

What Is Software Security?

Conclusion.

2. Attack Patterns.

A Taxonomy.

An Open-Systems View.

Tour of an Exploit.

Attack Patterns: Blueprints for Disaster.

An Example Exploit: Microsoft's Broken C++ Compiler.

Applying Attack Patterns.

Attack Pattern Boxes.

Conclusion.

3. Reverse Engineering and Program Understanding.

Into the House of Logic.

Should Reverse Engineering Be Illegal?

Reverse Engineering Tools and Concepts.

Methods of the Reverser.

Writing Interactive Disassembler (IDA) Plugins.

Decompiling and Disassembling Software.

Decompilation in Practice: Reversing helpctr.exe.

Automatic, Bulk Auditing for Vulnerabilities.

Writing Your Own Cracking Tools.

Building a Basic Code Coverage Tool.

Conclusion.

4. Exploiting Server Software.

The Trusted Input Problem.

The Privilege Escalation Problem.

Finding Injection Points.

Input Path Tracing.

Exploiting Trust through Configuration.

Specific Techniques and Attacks for Server Software.

Conclusion.

5. Exploiting Client Software.

Client-side Programs as Attack Targets.

In-band Signals.

Cross-site Scripting (XSS).

Clients Scripts and Malicious Code.

Content-Based Attacks.

Backwash Attacks: Leveraging Client-side Buffer.

Conclusion.

6. Crafting (Malicious) Input.

The Defender's Dilemma.

Intrusion Detection (Not).

Partition Analysis.

Tracing Code.

Reversing Parser Code.

Example: Reversing I-Planet Server 6.0 through the Front Door.

Misclassification.

Building “Equivalent" Requests.

Audit Poisoning.

Conclusion.

7. Buffer Overflow.

Buffer Overflow 101.

Injection Vectors: Input Rides Again.

Buffer Overflows and Embedded Systems.

Database Buffer Overflows.

Buffer Overflows and Java?!

Content-Based Buffer Overflow.

Audit Truncation and Filters with Buffer Overflow.

Causing Overflow and Environment Variables.

The Multiple Operation Problem.

Finding Potential Buffer Overflows.

Stack Overflow.

Arithmetic Errors in Memory Management.

Format String Vulnerabilities.

Heap Overflows.

Buffer Overflows and C++.

Payloads.

Payloads on RISC Architectures.

Multiplatform Payloads.

Prolog/Epilog Code to Protect Functions.

Conclusion.

8. Rootkits.

Subversive Programs.

A Simple Windows XP Kernel Rootkit.

Call Hooking.

Trojan Executable Redirection.

Hiding Files and Directories.

Patching Binary Code.

The Hardware Virus.

Low-Level Disk Access.

Adding Network Support to a Driver.

Interrupts.

Key Logging.

Advanced Rootkit Topics.

Conclusion.

References.

Index.

Read More Show Less

Preface

Software security is gaining momentum as security professionals realize that computer security is really all about making software behave. The publication of Building Secure Software in 2001 (Viega and McGraw) unleashed a number of related books that have crystallized software security as a critical field. Already, security professionals, software developers, and business leaders are resonating with the message and asking for more.

Building Secure Software (co-authored by McGraw) is intended for software professionals ranging from developers to managers, and is aimed at helping people develop more secure code. Exploiting Software is useful to the same target audience, but is really intended for security professionals interested in how to find new flaws in software. This book should be of particular interest to security practitioners working to beef up their software security skills, including red teams and ethical hackers.

Exploiting Software is about how to break code. Our intention is to provide a realistic view of the technical issues faced by security professionals. This book is aimed directly toward software security as opposed to network security. As security professionals come to grips with the software security problem, they need to understand how software systems break.

Solutions to each of the problems discussed in Exploiting Software can be found in Building Secure Software. The two books are mirror images of each other.

We believe that software security and application security practitioners are in for a reality check. The problem is that simple and popular approaches being hawked by upstart "application security" vendors as solutions--such as canned black box testing tools--barely scratch the surface. This book aims to cut directly through the hype to the heart of the matter. We need to get real about what we're up against. This book describes exactly that.

What This Book Is About

This book closely examines many real-world software exploits, explaining how and why they work, the attack patterns they are based on, and in some cases how they were discovered. Along the way, this book also shows how to uncover new software vulnerabilities and how to use them to break machines.

Chapter 1 describes why software is the root of the computer security problem. We introduce the trinity of trouble--complexity, extensibility, and connectivity--and describe why the software security problem is growing. We also describe the future of software and its implications for software exploit.

Chapter 2 describes the difference between implementation bugs and architectural flaws. We discuss the problem of securing an open system, and explain why risk management is the only sane approach. Two real-world exploits are introduced: one very simple and one technically complex. At the heart of Chapter 2 is a description of attack patterns. We show how attack patterns fit into the classic network security paradigm and describe the role that attack patterns play in the rest of the book.

The subject of Chapter 3 is reverse engineering. Attackers disassemble, decompile, and deconstruct programs to understand how they work and how they can be made not to. Chapter 3 describes common gray box analysis techniques, including the idea of using a security patch as an attack map. We discuss Interactive Disassembler (IDA), the state-of-the-art tool used by hackers to understand programs. We also discuss in detail how real cracking tools are built and used.

In Chapters 4, 5, 6, and 7, we discuss particular attack examples that provide instances of attack patterns. These examples are marked with an asterisk.

Chapters 4 and 5 cover the two ends of the client-server model. Chapter 4 begins where the book Hacking Exposed McClure et al., 1999 leaves off, discussing trusted input, privilege escalation, injection, path tracing, exploiting trust, and other attack techniques specific to server software. Chapter 5 is about attacking client software using in-band signals, cross-site scripting, and mobile code. The problem of backwash attacks is also introduced. Both chapters are studded with attack patterns and examples of real attacks.

Chapter 6 is about crafting malicious input. It goes far beyond standard-issue "fuzzing" to discuss partition analysis, tracing code, and reversing parser code. Special attention is paid to crafting equivalent requests using alternate encoding techniques. Once again, both real-world example exploits and the attack patterns that inspire them are highlighted throughout.

The whipping boy of software security, the dreaded buffer overflow, is the subject of Chapter 7. This chapter is a highly technical treatment of buffer overflow attacks that leverages the fact that other texts supply the basics. We discuss buffer overflows in embedded systems, database buffer overflows, buffer overflow as targeted against Java, and content-based buffer overflows. Chapter 7 also describes how to find potential buffer overflows of all kinds, including stack overflows, arithmetic errors, format string vulnerabilities, heap overflows, C++ vtables, and multistage trampolines. Payload architecture is covered in detail for a number of platforms, including x86, MIPS, SPARC, and PA-RISC. Advanced techniques such as active armor and the use of trampolines to defeat weak security mechanisms are also covered. Chapter 7 includes a large number of attack patterns.

Chapter 8 is about rootkits--the ultimate apex of software exploit. This is what it means for a machine to be "owned." Chapter 8 centers around code for a real Windows XP rootkit. We cover call hooking, executable redirection, hiding files and processes, network support, and patching binary code. Hardware issues are also discussed in detail, including techniques used in the wild to hide rootkits in EEPROM. A number of advanced rootkit topics top off Chapter 8.

As you can see, Exploiting Software runs the gamut of software risk, from malicious input to stealthy rootkits. Using attack patterns, real code, and example exploits, we clearly demonstrate the techniques that are used every day by real malicious hackers against software.

How to Use This Book

This book is useful to many different kinds of people: network administrators, security consultants, information warriors, developers, and security programmers.

  • If you are responsible for a network full of running software, you should read this book to learn the kinds of weaknesses that exist in your system and how they are likely to manifest.
  • If you are a security consultant, you should read this book so you can effectively locate, understand, and measure security holes in customer systems.
  • If you are involved in offensive information warfare, you should use this book to learn how to penetrate enemy systems through software.
  • If you create software for a living, you should read this book to understand how attackers will approach your creation. Today, all developers should be security minded. The knowledge here will arm you with a real understanding of the software security problem.
  • If you are a security programmer who knows your way around code, you will love this book.

The primary audience for this book is the security programmer, but there are important lessons here for all computer professionals.

But Isn't This Too Dangerous?

It's important to emphasize that none of the information we discuss here is news to the hacker community. Some of these techniques are as old as the hills. Our real objective is to provide some eye-opening information and up the level of discourse in software security.

Some security experts may worry that revealing the techniques described in this book will encourage more people to try them out. Perhaps this is true, but hackers have always had better lines of communication and information sharing than the good guys. This information needs to be understood and digested by security professionals so that they know the magnitude of the problem and they can begin to address it properly. Shall we grab the bull by the horns or put our head in the sand?

Perhaps this book will shock you. No matter what, it will educate you.

Read More Show Less

Foreword

In early July 2003 I received a call from David Dill, a computer science professor at Stanford University. Dill informed me that the source code to an electronic voting machine produced by Diebold Election Systems, one of the top vendors, had leaked onto the Internet, and that perhaps it would be worth examining it for security vulnerabilities. This was a rare opportunity, because voting system manufacturers have been very tight with their proprietary code. What we found was startling: Security and coding flaws were so prevalent that an attack might be delayed because the attacker might get stuck trying to choose from all the different vulnerabilities to exploit without knowing where to turn first. (Such delay tactics are not recommended as a security strategy.) There were large, complex chunks of code with no comments. There was a single static key hard wired into the code for encrypting vote tallies. Insecure pseudorandom number generators and noncryptographic checksums were used. And inspection of the CVS logs revealed an arbitrary, seemingly ad hoc source code management process. And then there were the serious flaws.

Was the Diebold voting machine example an isolated incident of poor quality control? I don’t think so. Many companies such as Diebold are hard pressed to get their products to market before their competitors. The company with the best, functionally correct system wins. This incentive model rewards the company with the product that is available first and has the most features, not the one with the most secure software. Getting security right is very difficult, and the result is not always tangible. Diebold was unlucky: Their code was examined in a public forum and was shown to be completely broken. Most companies are relatively safe in the assumption that independent analysts will only get to see their code under strict nondisclosure agreements. Only when they are held to the fire do companies pay the kind of attention to security that is warranted. Diebold’s voting machine code was not the first highly complex system that I had ever looked at that was full of security flaws. Why is it so difficult to produce secure software?

The answer is simple. Complexity. Anyone who has ever programmed knows that there are unlimited numbers of choices when writing code. An important choice is which programming language to use. Do you want something that allows the flexibility of pointer arithmetic with the opportunities it allows for manual performance optimization, or do you want a type-safe language that avoids buffer overflows but removes some of your power? For every task, there are seemingly infinite choices of algorithms, parameters, and data structures to use. For every block of code, there are choices on how to name variables, how to comment, and even how to lay out the code in relation to the white space around it. Every programmer is different, and every programmer is likely to make different choices. Large software projects are written in teams, and different programmers have to be able to understand and modify the code written by others. It is hard enough to manage one’s own code, let alone software produced by someone else. Avoiding serious security vulnerabilities in the resulting code is challenging for programs with hundreds of lines of code. For programs with millions of lines of code, such as modern operating systems, it is impossible.

However, large systems must be built, so we cannot just give up and say that writing such systems securely is impossible. McGraw and Hoglund have done a marvelous job of explaining why software is exploitable, of demonstrating how exploits work, and of educating the reader on how to avoid writing exploitable code. You might wonder whether it is a good idea to demonstrate how exploits work, as this book does. In fact, there is a tradeoff that security professionals must consider, between publicizing exploits and keeping them quiet. This book takes the correct position that the only way to program in such a way that minimizes the vulnerabilities in software is to understand why vulnerabilities exist and how attackers exploit them. To this end, this book is a must-read for anybody building any networked application or operating system.

Exploiting Software is the best treatment of any kind that I have seen on the topic of software vulnerabilities. Gary McGraw and Greg Hoglund have a long history of treating this subject. McGraw’s first book, Java Security, was a groundbreaking look at the security problems in the Java runtime environment and the security issues surrounding the novel concept of untrusted mobile code running inside a trusted browser. McGraw’s later book, Building Secure Software, was a classic, demonstrating concepts that could be used to avoid many of the vulnerabilities described in the current book. Hoglund has vast experience developing rootkits and implementing exploit defenses in practice.

After reading this book, you may find it surprising not that so many deployed systems can be hacked, but that so many systems have not yet been hacked. The analysis we did of an electronic voting machine demonstrated that software vulnerabilities are all around us. The fact that many systems have not yet been exploited only means that attackers are satisfied with lower hanging fruit right now. This will be of little comfort to me the next time I go to the polls and am faced with a Windows-based electronic voting machine. Maybe I’ll just mail in an absentee ballot, at least that voting technology’s insecurities are not based on software flaws.

Aviel D. Rubin
Associate Professor, Computer Science
Technical Director, Information Security Institute
Johns Hopkins University

Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star

(0)

4 Star

(0)

3 Star

(0)

2 Star

(0)

1 Star

(0)

Your Rating:

Your Name: Create a Pen Name or

Barnes & Noble.com Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & Noble.com that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & Noble.com does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at BN.com or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation

Reminder:

  • - By submitting a review, you grant to Barnes & Noble.com and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Noble.com Terms of Use.
  • - Barnes & Noble.com reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & Noble.com also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on BN.com. It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

 
Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously
Sort by: Showing 1 Customer Reviews
  • Anonymous

    Posted March 10, 2004

    A Disturbing, Subversive Book

    A disturbing, subversive book. And I mean this in a positive sense. Hogland and McGraw explain the major ways in which software can be attacked. They describe how reverse engineering can be done, even if all you have is binary code to work on. Given a disassembler and a decompiler, and these exist for all the major platforms, you can systematically apply white box, black box and grey box analysis to deconstruct a program. They show how attacks can be done against servers, because nowadays on the net, servers are often tempting, fat targets. But from your standpoint, if you wish to defend against these attacks, you really need to be aware of the issues they raises. 'Know the enemy'. Plus, they also show how a server could attack, or be used to attack, unsuspecting clients that connect to it. Of course, buffer overflows are the most commonly known source of attacks. Thus an entire chapter is devoted to this. PHP users may not be thrilled to hear that it is fundamentally insecure. Its ease of learning and coding comes with this heavy price. Still, it is all the more reason that PHP users and sysadmins running web servers that use PHP, should be aware of the dangers in it. The book is not a trivial read. The authors give detailed examples at the level of the x86 assembler. A strong background in this and in C/C++ will give you the greatest benefit when studying the book.

    Was this review helpful? Yes  No   Report this review
Sort by: Showing 1 Customer Reviews

If you find inappropriate content, please report it to Barnes & Noble
Why is this product inappropriate?
Comments (optional)