By James C. Foster, Foreword by Dave Aitel
HIGHLIGHT
The SANS Institute maintains a list of the "Top 10 Software Vulnerabilities." At the current time, over half of these vulnerabilities are exploitable by Buffer Overflow attacks, making this class of attack one of the most common and most dangerous weapon used by malicious attackers. This is the first book specifically aimed at detecting, exploiting, and preventing the most common and dangerous attacks. |
Over half of the "SANS TOP 10 Software Vulnerabilities" are related to buffer overflows.
Date: Jan 2005
Pages: 520 (est.)
User level: Intermediate/Advanced
|
DESCRIPTION
Buffer overflows make up one of the largest collections of vulnerabilities in existence; And a large percentage of possible remote exploits are of the overflow variety. Almost all of the most devastating computer attacks to hit the Internet in recent years including SQL Slammer, Blaster, and I Love You attacks. If executed properly, an overflow vulnerability will allow an attacker to run arbitrary code on the victim’s machine with the equivalent rights of whichever process was overflowed. This is often used to provide a remote shell onto the victim machine, which can be used for further exploitation. A buffer overflow is an unexpected behavior that exists in certain programming languages. This book provides specific, real code examples on exploiting buffer overflow attacks from a hacker's perspective and defending against these attacks for the software developer.
KEY SELLING POINTS
- Over half of the "SANS TOP 10 Software Vulnerabilities" are related to buffer overflows.
- None of the current-best selling software security books focus exclusively on buffer overflows.
- This book provides specific, real code examples on exploiting buffer overflow attacks from a hacker's perspective and defending against these attacks for the software developer.
MARKET INFORMATION
The SANS Institute maintains a list of the "Top 10 Software Vulnerabilities." At the current time, over half of these vulnerabilities are exploitable by Buffer Overflow attacks, making this class of attack one of the most common and most dangerous weapon used by malicious attackers. And, the Natioanl Institute of Standards and Technology reports that 23% of all vulnerabilities reported in 2003 were Buffer Overflow attacks, reinforcing how common and dangerous these attacks are.
Competing books provide coverage of buffer overflow attacks along with many other classes of attacks. While the competition does provide adequate coverage, none of these books go into the depths of analysis of code as this book.
ABOUT THE AUTHOR
James C. Foster, Fellow is the Deputy Director of Global Security Solution Development for Computer Sciences Corporation where he is responsible for the vision and development of physical, personnel, and data security solutions. Prior to CSC, Foster was the Director of Research and Development for Foundstone Inc. (acquired by McAfee) and was responsible for all aspects of product, consulting, and corporate R&D initiatives. Prior to joining Foundstone, Foster was an Executive Advisor and Research Scientist with Guardent Inc. (acquired by Verisign) and an adjunct author at Information Security Magazine(acquired by TechTarget), subsequent to working as Security Research Specialist for the Department of Defense. With his core competencies residing in high-tech remote management, international expansion, application security, protocol analysis, and search algorithm technology, Foster has conducted numerous code reviews for commercial OS components, Win32 application assessments, and reviews on commercial-grade cryptography implementations.
TECHNOLOGY BACKGROUND
A buffer overrun occurs when a program sets aside a certain amount of memory (say 100 bytes) to hold certain data--this is the buffer. But then a user tries to stuff in 200 bytes of input, and like someone attempting to pour a pint of milk into a glass that'll only hold half a pint, the remainder will overflow. The computer equivalent of the milk spilling on the floor is the extra 100 bytes of data overwriting critical values in memory that control a program's path of execution. The results of this "overflow" can be devastating, and can also be spread quickly across the Internet through worms and e-mail attachments. The most destructive buffer overflow attack ever launched was the SQL Slammer worm. |
