|
 |
|
 |
 |
The Shellcoder's Handbook: Discovering and Exploiting Security Holes
|
by Chris Anley, John Heasman, Felix Lindner, and Gerardo Richarte
Sales Rank: 92700
|
List Price: $49.99
$31.49
At Amazon
|
|
Paperback: 718 pages
Publisher: Wiley; 2 edition August 20, 2007
Language: English
ISBN-10: 047008023X
ISBN-13: 978-0470080238
Product Dimensions:
9.1 x 7.4 x 1.6 inches
Shipping Weight: 2.4 pounds
Product Review
�&essential for administrators who want to secure computer systems under their management&� -- Computer Weekly, March 2004
“…80%…anyone developing their own software may be surprised by how easily flaws can be exploited and fixed…” (PC Utilities, July 2004)
“…essential for administrators who want to secure computer systems under their management…” (Computer Weekly, March 2004)
"has caused some raised eyebrows in the technical community" (www.infoworld.com, 17 March 2004)
--This text refers to the
Paperback
edition.
Product Description
- This much-anticipated revision, written by the ultimate group of top security experts in the world, features 40 percent new content on how to find security holes in any operating system or application
- New material addresses the many new exploitation techniques that have been discovered since the first edition, including attacking "unbreakable" software packages such as McAfee's Entercept, Mac OS X, XP, Office 2003, and Vista
- Also features the first-ever published information on exploiting Cisco's IOS, with content that has never before been explored
- The companion Web site features downloadable code files
Customer Reviews & Comments
This review is from: The Shellcoder's Handbook: Discovering and Exploiting Security Holes (Paperback)
Not for beginners as others have previously stated, you require deep knowledge of C, assembler and IA32 architecture as well as some knowledge of the Linux and Windows operating systems. If you have this then it will suffice (Even if you have not ever heard of a buffer overflow before). What amazes me, and the reason of me not giving five stars to the book, is the enormous amount of errors in the book (no one else has talked about this on previous reviews). These go from forgetting to include memory allocation routines in some sample code and putting incorrect labels in some diagrams to talking about certain parts of code while actually showing completely different lines of code or talking about different addresses in the explanations from the ones on the sample code and program output that they talk about. For example, on page 90 the authors wrote: " Let's take a look at two assembly instructions that correspond to the free() routine finding the previous chunk 0x42073ff8 <_int_free+136>: mov 0xfffffff8 (%edx),%eax 0x42073ffb <_int_free+139>: sub %eax,%esi In the first instruction (mov 0x8 (%esi), %edx), %edx is 0x80499b8, the address of..." The instruction being referred to at the last sentence should be "mov 0xfffffff8 (%edx),%eax". "mov 0x8 (%esi), %edx" appears many lines below this paragraph, in another code sample, and it is completely unrelated to the explanation given there. Of course, people familiar with these topics who also have a deep knowledge of the required programming languages and architectures will catch these flaws easily. The problem is that there are so many of them that it gets annoying at some point and you end asking yourself why do the editorial reviewers didn't do their job properly. Also, I bought this book almost as soon as it went out for sale, yet as of this date (may 2004), the only material found in the web page of the book is the source code to most of the examples. Definitely much less compared to all the material that the authors promised in the book to be there (so don't expect to find more than this). It is an excellent reference book though, and if you take the time to read the book thoroughly and make notes to fix the errors in the book you will find that even this activity is rewarding. Some might even argue that the authors put the errors there on purpose to keep script kiddies away from this knowledge, but I don't think that would be OK with a book like this which has created so much expectation. Hopefully the next edition will have all this fixed.
|
The Shellcoder's Handbook: Discovering and Exploiting Security Holes
List Price: $49.99
Available from Amazon
Price: $31.49
| |
|
|
|
|
