The Shellcoder's Handbook: Discovering and Exploiting Security Holes [Paperback]

Jack Koziol, David Litchfield, Dave Aitel, Chris Anley, Sinan "noir" Eren, Neel Mehta, Riley Hassell
4.4 out of 5 stars (11 customer reviews)
List Price: CDN$ 54.99
Price: CDN$ 37.66 & this item ships for FREE with Super Saver Shipping.
You Save: CDN$ 17.33 (32%)
Usually ships within 1 to 3 weeks.
Ships from and sold by Amazon.ca. Gift-wrap available.
There is a newer edition of this item:
The Shellcoder's Handbook: Discovering and Exploiting Security Holes
CDN$ 34.48
In Stock.

Product Description

Review

“…80%…anyone developing their own software may be surprised by how easily flaws can be exploited and fixed…” (PC Utilities, July 2004)

“…essential for administrators who want to secure computer systems under their management…” (Computer Weekly, March 2004)

"...has caused some raised eyebrows in the technical community..." (www.infoworld.com, 17 March 2004)

Product Description

  • Examines where security holes come from, how to discover them, how hackers exploit them and take control of systems on a daily basis, and most importantly, how to close these security holes so they never occur again
  • A unique author team, a blend of industry and underground experts, explains the techniques that readers can use to uncover security holes in any software or operating system
  • Shows how to pinpoint vulnerabilities in popular operating systems (including Windows, Linux, and Solaris) and applications (including MS SQL Server and Oracle databases)
  • Details how to deal with discovered vulnerabilities, sharing some previously unpublished advanced exploits and techniques

First Sentence
In order to understand the content of this book, you need a well-developed understanding of computer languages, operating systems, and architectures.

Customer Reviews

11 Reviews
5 star: (6)
4 star: (3)
3 star: (2)
2 star: (0)
1 star: (0)

Average Customer Review
4.4 out of 5 stars (11 customer reviews)

Most helpful customer reviews

2 of 2 people found the following review helpful
3.0 out of 5 stars Good material... bad editing, Jun 25 2004
This review is from: The Shellcoder's Handbook: Discovering and Exploiting Security Holes (Paperback)
While the material is good, there are way too many errors. For someone who's looking for the hows and whats of software exploitation, this book comes through. For someone who actually wants to follow their example code... good luck. Errors everywhere! I wonder how this book made it past the editors. I haven't come across a book like this in a long long time. The webpage also lacks much content save for the chapter code, some of which is faulty and will not run properly without modification.

Get some new editors!



1 of 1 people found the following review helpful
4.0 out of 5 stars Excellent material, but..., May 11 2004
By Omar A. Herrera Reyna (Mexico City, DF MX)
This review is from: The Shellcoder's Handbook: Discovering and Exploiting Security Holes (Paperback)
Not for beginners, as others have previously stated: you require deep knowledge of C, assembler and IA32 architecture as well as some knowledge of the Linux and Windows operating systems. If you have this then it will suffice (even if you have not ever heard of a buffer overflow before).

What amazes me, and the reason of me not giving five stars to the book, is the enormous amount of errors in the book (no one else has talked about this on previous reviews). These go from forgetting to include memory allocation routines in some sample code and putting incorrect labels in some diagrams to talking about certain parts of code while actually showing completely different lines of code or talking about different addresses in the explanations from the ones on the sample code and program output that they talk about.

For example, on page 90 the authors wrote:

"Let's take a look at two assembly instructions that correspond to the free() routine finding the previous chunk

0x42073ff8 <_int_free+136>: mov 0xfffffff8 (%edx),%eax
0x42073ffb <_int_free+139>: sub %eax,%esi

In the first instruction (mov 0x8 (%esi), %edx), %edx is 0x80499b8, the address of..."

The instruction being referred to at the last sentence should be "mov 0xfffffff8 (%edx),%eax". "mov 0x8 (%esi), %edx" appears many lines below this paragraph, in another code sample, and it is completely unrelated to the explanation given there.

Of course, people familiar with these topics who also have a deep knowledge of the required programming languages and architectures will catch these flaws easily. The problem is that there are so many of them that it gets annoying at some point and you end up asking yourself why the editorial reviewers didn't do their job properly.

Also, I bought this book almost as soon as it went out for sale, yet as of this date (May 2004), the only material found in the web page of the book is the source code to most of the examples. Definitely much less compared to all the material that the authors promised in the book to be there (so don't expect to find more than this).

It is an excellent reference book though, and if you take the time to read the book thoroughly and make notes to fix the errors in the book you will find that even this activity is rewarding. Some might even argue that the authors put the errors there on purpose to keep script kiddies away from this knowledge, but I don't think that would be OK with a book like this which has created so much expectation. Hopefully the next edition will have all this fixed.



5.0 out of 5 stars Excellent security book although misleading title, May 21 2004
This review is from: The Shellcoder's Handbook: Discovering and Exploiting Security Holes (Paperback)
The title "Shellcoder's handbook" made me reluctant to even buy this book. I thought it would go about explaining exploiting stack, heap overruns, bypassing memory exploitation methods and so on in order to execute shell code: basically, a book for hacking and I didn't like that. Nonetheless, it took me a glance of the list of authors and the table of contents to realize that this book goes beyond exploitation and into core penetration testing and vulnerability discovery methods. Hopefully, like rational and ethical software security engineers will do, this book will be used more for vulnerability discovery and benign exploitation rather than malicious exploitation.

Parts 1 and 2 are a great introduction to OS internals, system calls, memory management, and in-depth analysis of security bug exploitation; thus making them relevant for part 3: "Vulnerability Discovery". Part 3 goes into great depth on how to discover security bugs. Not so often do we have the brightest minds in the art of software vulnerability discovery, penetration testing, or "ethical hacking" joining forces. The variety of ways to discover security bugs is what we need to learn in order to ship secure software or to successfully secure existing software applications. Great Job!
