Exploiting Software: How to Break Code by Greg Hoglund and Gary McGraw

Book Review Team
<pre>Author/s : Greg Hoglund and Gary McGraw
Publisher : Addison-Wesley
Category : Other
Review by : Ernest Friedman-Hill
Rating : 6 horseshoes
</pre>
"Exploiting Software" purports to be a book aimed at helping software professionals understand the security risks they face; it uses the pedagogical device of teaching how software can be attacked to achieve the goal of explaining how secure software should be built. Unfortunately, I think it fails both as a guide to building secure software and as a guide to being a black hat hacker.
Most of "Exploiting Software" reads more like a book proposal than a completed work: too detailed in places (do we really need a dozen pages on writing plugins for the IDA Pro Disassembler?), not detailed enough in others, and generally not well organized. Far too often, the reader is simply told that an exploit exists, and is then directed to the original source for details. Worse, the original sources are often white papers, personal web sites, and conference proceedings -- things that are either hard to obtain, unlikely to be available for long, or both. As a result, the reader learns nothing.
The preface to "Exploiting Software" explains that this is a companion volume to "Building Secure Software," written by the same Gary McGraw with another co-author, and this helps to explain the main failings of this book. While the last two chapters, "Buffer overflow" and "Rootkits", are better than the rest -- they provide plenty of concrete details -- two chapters aren't enough to vindicate this fairly shallow work. For $49.99, I expect a book that can stand on its own.

