Buffer Overflow Attacks: Detect, Exploit, Prevent and over one million other books are available for Amazon Kindle. Learn more

Vous voulez voir cette page en français ? Cliquez ici.

Sign in to turn on 1-Click ordering.
More Buying Choices
Have one to sell? Sell yours here
Start reading Buffer Overflow Attacks: Detect, Exploit, Prevent on your Kindle in under a minute.

Don't have a Kindle? Get your Kindle here, or download a FREE Kindle Reading App.

Buffer Overflow Attacks: Detect, Exploit, Prevent [Paperback]

Jason Deckard

Price: CDN$ 36.95 & FREE Shipping. Details
o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o
Usually ships within 1 to 2 months.
Ships from and sold by Amazon.ca. Gift-wrap available.


Amazon Price New from Used from
Kindle Edition CDN $25.01  
Paperback CDN $36.95  
Save Up to 90% on Textbooks
Hit the books in Amazon.ca's Textbook Store and save up to 90% on used textbooks and 35% on new textbooks. Learn more.
Join Amazon Student in Canada

Book Description

Feb. 21 2005 1932266674 978-1932266672 1
The SANS Institute maintains a list of the "Top 10 Software Vulnerabilities." At the current time, over half of these vulnerabilities are exploitable by Buffer Overflow attacks, making this class of attack one of the most common and most dangerous weapon used by malicious attackers. This is the first book specifically aimed at detecting, exploiting, and preventing the most common and dangerous attacks.

Buffer overflows make up one of the largest collections of vulnerabilities in existence; And a large percentage of possible remote exploits are of the overflow variety. Almost all of the most devastating computer attacks to hit the Internet in recent years including SQL Slammer, Blaster, and I Love You attacks. If executed properly, an overflow vulnerability will allow an attacker to run arbitrary code on the victim's machine with the equivalent rights of whichever process was overflowed. This is often used to provide a remote shell onto the victim machine, which can be used for further exploitation.

A buffer overflow is an unexpected behavior that exists in certain programming languages. This book provides specific, real code examples on exploiting buffer overflow attacks from a hacker's perspective and defending against these attacks for the software developer.

*Over half of the "SANS TOP 10 Software Vulnerabilities" are related to buffer overflows.

*None of the current-best selling software security books focus exclusively on buffer overflows.

*This book provides specific, real code examples on exploiting buffer overflow attacks from a hacker's perspective and defending against these attacks for the software developer.

Customers Who Bought This Item Also Bought

Product Details

Inside This Book (Learn More)
Explore More
Browse Sample Pages
Front Cover | Copyright | Table of Contents | Excerpt | Index
Search inside this book:

Customer Reviews

There are no customer reviews yet on Amazon.ca
5 star
4 star
3 star
2 star
1 star
Most Helpful Customer Reviews on Amazon.com (beta)
Amazon.com: 3.3 out of 5 stars  7 reviews
9 of 10 people found the following review helpful
2.0 out of 5 stars Proofread? Editorial and Technical reveiw?.... March 3 2006
By Hadi Nahari - Published on Amazon.com
For a book dedicated to such an important topic, my experience with this book was at best disappointing. This goes both for the authors (as they are primarily responsible for the material), as well as the publisher (Syngress). One would doubt whether the book has gone through any meaningful editorial review process. The errata posted on Syngress' site (bad site-design with a great deal of broken URLs in the book's relevant-links page by the way, and one "has to" sign up to obtain the errata) are utterly incomplete. The book at the time of this writing lacks an accompanying website (no reference in the errata or in the book itself).

This is an unfortunate development that one certainly notices in the recent publications pertaining to security topic, perhaps as a result of the urge to push content out to satisfy the hot-market demands.

On the technical front, the choice for the topics seems to be reasonably covering most corners; however, throughout the book there's a focus on pre-SP2 release of Microsoft Windows XP; why? If one of the objectives of the authors was to educate the audience on the topics (by providing practical and working examples), wouldn't such choice defeat the purpose?
4 of 4 people found the following review helpful
1.0 out of 5 stars Full of errors and inconsistencies July 29 2008
By Byron Sonne - Published on Amazon.com
Does Syngress (the publisher) employ proof readers?

I doubt it. This book is so full of errors and inaccuracies that it becomes painful to read after a while. Especially the annotated examples, where the line numbers for the code listings often bear no relation to the line numbers listed in the accompanying analysis.

And then there's the confusion of ESP and EIP in several places throughout the book. For a collection of 'expert information' it comes off as a rather amateurish production. Makes you wonder... what else have they got wrong?

You'll notice this is very much the same as the review I've posted for "Sockets, Shellcode, Porting & Coding"... that is because it too is horrendous for errors.

This is 2 books from Syngress I've got that are very poor quality. What's going on guys?
2 of 3 people found the following review helpful
4.0 out of 5 stars Great book to start with. Sept. 14 2006
By C. G. Dimopoulos - Published on Amazon.com
This is a great book to start understanding buffer overflows with. You do need some fimiliarity with assembly or you are not going to understand the code that is through out this book, almost every other page.

This gives step by step examples in reading, creating and disassembling shellcode and buffer overflows. I'v read some of the other reviews which suggest their was not much proof reading done it seems like it. I myself found many spelling erros but technical wise I have yet to see any. Maybe my second read I will find some.
2 of 3 people found the following review helpful
2.0 out of 5 stars Better books are now available July 27 2011
By Richard Bejtlich - Published on Amazon.com
I read "Buffer Overflow Attacks" as part of a collection of books on writing exploit code (reviewed separately). I have to give credit to the author team for writing one of the first books on this subject; Syngress published BOA in 2005, when the subject received less published coverage. However, better books are available now if you want to learn the sort of material found in BOA.

I'd like to offer a few reasons for a two star review. First, the book is published in a weird format -- 8.8 x 6 x 1.3 inches. I don't know why the publisher produced such a physically small but thick book. Second, this book suffers from too many authors addressing the same issues. BOA is disorganized and internally repetitive. There's no consistent style; some chapters prefer to show memory as a line of characters, others show hex dumps, while others show screen captures. Third, in many sections the writing style is too difficult to follow. Often code is listed for the reader, followed by page upon page of "Analysis." It's tough to match the explanation with the code. Furthermore, many of these Analysis sections have mistakes or look incomplete. Finally, the material itself isn't very compelling. For example, the "introduction to assembly" in chapter 2 is weak, and the book doesn't mention the differences between Intel and AT&T syntax until p 179!

One other point -- if you have the Syngress book Writing Security Tools and Exploits (WSTAE), you already have most of BOA. Ch 1 and Ch 2 appears to be the same in both books. Ch 3 in BOA is Ch 5 in WSTAE, 4 in BOA is 6 in WSTAE, 5 in BOA is 7 in WSTAE, and so on. Duplication of chapters was a problem for Syngress in the mid-2000s, unfortunately.

Thankfully, Syngress and others are publishing much better offensive security books now. I recommend checking for newer resources.
5.0 out of 5 stars Clearly explains the internals of Buffer overflow attacks Nov. 13 2013
By Yeoun Jae Kim - Published on Amazon.com
Format:Kindle Edition|Verified Purchase
I have not finished this book yet(still reading). But this book clearly explains the basics of stack overflow, off by one, heap overflow and string format attacks. The writing style is very good and if you have some knowledge of assembly language and want to write buffer overflow attack code from grounds up, spanning from Linux, freeBSD to Windows, this book is for you. One flaw of this book is some mistyping.

Look for similar items by category