![[Cover]](https://static.lwn.net/images/ns/exploiting-software.png)
The world is full of books on how to secure systems, how to write secure
code, and how to deal with break-ins. There are rather fewer books that go
into the details of how to compromise software and carry out break-ins. That
gap has now been filled by
Exploiting Software: How To Break Code by
Greg Hoglund and Gary McGraw. This book's purpose is not to help the
crackers; those people, according to the authors, already know about the
techniques described here. Instead, the authors wish to help programmers
and system administrators achieve better security through an understanding
of how security failures happen.

To that end, this book covers a number of ways of attacking software.
Direct reverse engineering gets a full chapter, much of which is dedicated
to things you can do with the Windows debugger. There is a chapter on
server attacks; it looks at carefully crafted input, configuration attacks,
filesystem browsing, poor authentication schemes, etc. The chapter on
client-side attacks covers cross-site scripting, embedded control
characters, and more. The creation of malicious input gets a chapter of
its own, where issues of how to track what a server does with input, tricks
with character encodings, and more are discussed; this chapter also looks
at how to get malicious input past intrusion detection systems. Buffer
overflows and format string vulnerabilities are discussed in detail;
interestingly, the authors claim that format string vulnerabilities were
known to the "black hats" for years before being more widely "discovered"
and, mostly, fixed. The book finishes with a discussion of root kits.

If you are a cracker wannabe looking to learn the trade, this book might
provide a good start - though you will still have to fill in a lot of the
details yourself. This book is not a simple cookbook for crackers, though
some of its advice ("Also, remember that a Web server will create log
files of all injection activity, which tends to stick out like a sore
thumb. If this pattern is used, clean the log files as soon as
possible.") is not necessarily useful for anybody else. The
coverage of the book is not entirely complete either; it has little space
for kernel attacks, SQL injection, or exploit generation tools, for
example. While Linux is often mentioned, the bulk of the discussion uses
Windows for its examples (though almost all of the concepts discussed apply
equally to either system). Even so, Exploiting Software is a
worthwhile addition to the bookshelf of anybody interested in security
issues - as most of us should be.

One other book that recently showed up in our mailbox is
Secure Architectures With OpenBSD by Brandon Palmer and Jose Nazario. This
book is, primarily, a system administration manual, but, since it's for
OpenBSD, it is strongly oriented toward running secure systems. It covers
all of the usual topics, though often a bit more superficially than one
might like. The range of topics is wide, however, extending into
firewalling, Kerberos, S/Key, IPSec, IPv6, intrusion detection, etc. If
you're looking for a pure BSD administration manual, you may want to
supplement this one with the
Unix Administration Handbook or
something similar. This book, however, is a good, thorough overview of how
the OpenBSD variant of BSD is put together and how to keep it secure.