
Exploiting software : how to break code

Author: Greg Hoglund; Gary McGraw
Publisher: Boston : Addison-Wesley, 2008.
Series: Software security library, 2.
Edition/Format: Print book : English : 5. print
Summary:

Using attack patterns, real code, and example exploits, students learn techniques that are used by real malicious hackers against software. The author team show how to break code - if students want to ...

Details

Document Type: Book
All Authors / Contributors: Greg Hoglund; Gary McGraw
ISBN: 0201786958 9780201786958
OCLC Number: 552093598
Description: XXXVII, 471 pages : illustrations, diagrams.
Contents: Attack Patterns. Foreword. Preface. What This Book Is About. How to Use This Book. But Isn't This Too Dangerous? Acknowledgments. 1. Software-The Root of the Problem. A Brief History of Software. Bad Software Is Ubiquitous. The Trinity of Trouble. The Future of Software. What Is Software Security? Conclusion. 2. Attack Patterns. A Taxonomy. An Open-Systems View. Tour of an Exploit. Attack Patterns: Blueprints for Disaster. An Example Exploit: Microsoft's Broken C++ Compiler. Applying Attack Patterns. Attack Pattern Boxes. Conclusion. 3. Reverse Engineering and Program Understanding. Into the House of Logic. Should Reverse Engineering Be Illegal? Reverse Engineering Tools and Concepts. Methods of the Reverser. Writing Interactive Disassembler (IDA) Plugins. Decompiling and Disassembling Software. Decompilation in Practice: Reversing helpctr.exe. Automatic, Bulk Auditing for Vulnerabilities. Writing Your Own Cracking Tools. Building a Basic Code Coverage Tool. Conclusion. 4. Exploiting Server Software. The Trusted Input Problem. The Privilege Escalation Problem. Finding Injection Points. Input Path Tracing. Exploiting Trust through Configuration. Specific Techniques and Attacks for Server Software. Conclusion. 5. Exploiting Client Software. Client-side Programs as Attack Targets. In-band Signals. Cross-site Scripting (XSS). Client Scripts and Malicious Code. Content-Based Attacks. Backwash Attacks: Leveraging Client-side Buffer. Conclusion. 6. Crafting (Malicious) Input. The Defender's Dilemma.
Series Title: Software security library, 2.
Responsibility: Greg Hoglund ; Gary McGraw.

Reviews

Editorial reviews

Publisher Synopsis

Praise for Exploiting Software: "Exploiting Software highlights the most critical part of the software quality problem. As it turns out, software quality problems are a major contributing factor to ...

 