Exploiting Software – How to Break Code by Greg Hoglund and Gary McGraw is an earlier work by the same authors of the previously reviewed Rootkits. This one dives into the security risks for poorly coded software. Copyright 2004, the book provides lots of examples of exploitable code from wrongfully used functions and improper coding methods five years ago. Despite its age (5 years can be significant in the technology industry), the relevance is still just as potent for Exploiting Software.
The book contains chapters dedicated to:
- Software–The Root of the Problem
- Attack Patterns
- Reverse Engineering and Program Understanding
- Exploiting Server Software
- Exploiting Client Software
- Crafting (Malicious) Input
- Buffer Overflow
Similar to Rootkits, there is a disclaimer about who this information is intended for. Some might fear that publishing this information puts it too readily into the hands of those who do malicious things but the book insists that they already know this information and they are letting the general public in on the secret. This book is intended for defenders and developers to understand how malicious users are viewing their programs. It contains a lot of good basic rules and explanations about best practices and things to keep in mind when developing an application.
Exploiting Software seems less technical than Rootkits and does a good job of really bringing the relevance of the topic around with plenty of examples. The book also covers lots of tools that can be used to protect against exploits (during the development phase) or debug an application to evaluate if you should trust it on your network. Everything from packet sniffing, port scanning, and buffer overflows are covered in this book with advice on preventing or identifying if an application is vulnerable along with what to watch for if you suspect malicious traffic across your network through attack patterns.