
Exploiting Software: How to Break Code by Greg Hoglund and Gary McGraw

 
<pre>Author/s : Greg Hoglund and Gary McGraw
Publisher : Addison-Wesley
Category : Other
Review by : Ernest Friedman-Hill
Rating : 6 horseshoes
</pre>
"Exploiting Software" purports to be a book aimed at helping software professionals understand the security risks they face; it uses the pedagogical device of teaching how software can be attacked to achieve the goal of explaining how secure software should be built. Unfortunately, I think it fails both as a guide to building secure software and as a guide to being a black hat hacker.
Most of "Exploiting Software" reads more like a book proposal than a completed work: too detailed in places (do we really need a dozen pages on writing plugins for the IDA Pro Disassembler?), not detailed enough in others, and generally not well organized. Far too often, the reader is simply told that an exploit exists, and is then directed to the original source for details. Worse, the original sources are often white papers, personal web sites, and conference proceedings -- things that are either hard to obtain, unlikely to be available for long, or both. As a result, the reader learns nothing.
The preface to "Exploiting Software" explains that this is a companion volume to "Building Secure Software," written by the same Gary McGraw with another co-author, and this helps to explain the main failings of this book. While the last two chapters, "Buffer overflow" and "Rootkits", are better than the rest -- they provide plenty of concrete details -- two chapters aren't enough to vindicate this fairly shallow work. For $49.99, I expect a book that can stand on its own.

