
Exploiting Software: How to Break Code

From:  "Joan Murray" <joan.murray-AT-aw.com>
To:  <lwn-AT-lwn.net>
Subject:  Exploiting Software: How to Break Code
Date:  Fri, 20 Feb 2004 15:53:58 -0500

ADDISON-WESLEY PROFESSIONAL LAUNCHES 
CONTROVERSIAL NEW SECURITY BOOK AT RSA 2004 
Exploiting Software: How to Break Code by Greg Hoglund and Gary McGraw at 
Booth 1637

RSA 2004, San Francisco (Feb. 23, 2004) - Addison-Wesley Professional, the 
leading publisher of high-quality technology books for developers and system 
administrators, today announced the release of a controversial new book that 
teaches security professionals how to break software.  Exploiting Software: 
How to Break Code (ISBN 0-201-78695-8), by Greg Hoglund and Gary McGraw, 
gives security professionals deep technical insight on how real attacks are 
carried out in order for software builders to know what it really means to 
secure their software.

The controversy behind Exploiting Software: How to Break Code stems from 
the philosophical argument over whether it is a good idea to teach how 
exploits work.  While some security experts argue that publishing exploits 
will invite more damaging hacker activity, this book takes the opposing 
stance.  
The authors believe that the only way that programmers can minimize 
software vulnerabilities is to understand why they exist and how malicious 
hackers exploit them.  

"This was a security book that had to be written and Hoglund and McGraw, 
with their two distinct hacker and scientific backgrounds, were the obvious 
choices," said Karen Gettman, executive editor, Addison-Wesley 
Professional.  "While the primary audience is the security programmer, this 
book has valuable lessons to be learned for all computer professionals 
including security practitioners, ethical hackers, network administrators, 
security consultants, information warriors, and developers."

The book addresses critical software security issues such as how attackers 
make software break on purpose; why firewalls, intrusion detection systems, 
and antivirus software are unable to keep out the bad guys; and which tools 
can be used to break software.  The book leads security professionals 
through distilled attack patterns, real coding examples, and exploits from 
the field, to teach the hardcore techniques used by real malicious hackers 
against software.  The book also includes deep technical coverage of 
decompilation, buffer overflows, and rootkits.

Noted author and security guru Gary McGraw will be a panelist on the track 
Proactive and Reactive Security: What's the Best Mix?, taking place Wed., 
Feb. 25 at 9:00 a.m.  Also on the panel are Avi Rubin and Bill Cheswick, 
Addison-Wesley authors of the best selling security book Firewalls and 
Internet Security, Second Edition (ISBN 0-201-63466-X).  Following the panel 
discussion, the authors will participate in a joint "Meet the Authors 
Session" scheduled to take place in front of the RSA bookstore (Digital 
Guru) at 10:30 a.m.  

About the Authors
Greg Hoglund has been a pioneer in the area of software security for 10 
years.  He created and documented the first Windows NT based rootkit, 
founding www.rootkit.com in the process.  He is CEO and founder of HBGary, 
a software security consulting firm, in addition to being the co-founder of 
Cenzic, Inc.  Gary McGraw, Cigital, Inc.'s CTO, is a software security 
thought leader and consults in the area of Software Quality Management.  
Dr. McGraw is co-author of four popular books, including Java Security 
(Wiley, 1996) and Building Secure Software (Addison-Wesley, 2002).  

For more information about Addison-Wesley Professional and other security 
titles, visit booth 1637.

About Addison-Wesley Professional
Addison-Wesley Professional is the leading publisher of high-quality and 
timely information for developers and system administrators. The Company's 
mission is to provide educational materials concerning new technologies and 
new approaches to current technologies written by leading authorities. 
Addison-Wesley Professional is a division of Pearson Education, the global 
leader in integrated education publishing. Pearson Education is part of 
Pearson plc (NYSE: PSO), the international media company. Visit us at 
www.awprofessional.com.
###




Copyright © 2004, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds