Updates
Latest Tweet
What's New?
Check out for latest innovation, a computer based training video collection
Like this Page
Exploiting Software: How to Break Code Review by Richard Bejtlich
Not as good as other works by these great authors, but still valuable
I read Exploiting Software (ES) last year but realized I hadn't reviewed it yet. Having read other books by these authors, like McGraw's Software Security and Hoglund's Rootkits, I realized ES was not as good as those newer books. At the time ES was published (2004) it continued to define the software exploitation genre begun in Building Secure Software. However, I don't think it's necessary to pay close attention to ES when newer books by McGraw and Hoglund are now available.
On the positive side, I appreciate three aspects of ES. First, I like the attention paid to attack patterns. This concept makes sense and should be used by other authors who want to describe a means to exploit a target. Second, I am impressed that ES features a whole chapter (5) on attacking client software. When ES was published, client-side attacks were just becoming popular. Discussing this problem shows great insights on the part of the authors. Third, several of the examples in ES are great case studies on exploiting software. When explained in sufficient detail they make for educational reading.
On the down side, I agree with several other reviewers that the book seems somewhat erratic. Attack patterns that are two sentences long are probably candidates for inclusion in a chart, not listed in the main text. I don't think the predictions found in ch 1 were necessary, and I think some of the criticism of detection methods in ch 6 border on the ignorant. I agree that perfect detection is impossible, but there are plenty of methods that work in the real world. They may not be real-time, but no intruder is perfectly stealthy in all aspects of an attack.
Regarding chapters 7 and 8, on buffer overflows and rootkits -- at 170 pages, those could almost have been their own book. The material doesn't seem to match the rest of the book, and it's obviously Hoglund's work. Add in a like-minded chapter on reverse engineering (3) at 74 pages and you definitely have a stand-alone book!
It's probably sufficient to read Building Secure Software, Software Security, and Rookits if you like the McGraw/Hoglund approach to attacking and defending software. Take a quick look at the attack pattern material to get a feel for that concept.