Overview

Will the Code You Write Today Headline Tomorrow's BugTraq Mail List?

  • Includes Numbered-by-Line Exploit Code Examples That Illustrate the Differences Between Stack Overflows, Heap Corruption, and Format String Bugs

  • Provides Case Studies for Most Major Platforms and Environments, Including Windows, FreeBSD, FrontPage, and Linux

  • Avoid Worm or Custom Exploits by Analyzing Your Source Code to Detect Buffer Overflow Vulnerabilities

Forensic investigations of notorious Internet attacks, such as the SQL Slammer and Blaster worms, reveal buffer overflows to be the sophisticated hacker's "vulnerability of choice". These worms crippled the Internet and cost billions of dollars to clean up. Now, even more powerful and insidious threats have appeared in the form of "custom exploits". These one-time-only exploits are custom-crafted to attack your enterprise, making them even more difficult to detect and defend against. No catchy names, no media coverage; just your own personal disaster.

James C. Foster's Buffer Overflow Attacks clearly demonstrates that the only way to defend against the endless variety of buffer overflow attacks is to implement a comprehensive design, coding and test plan for all of your applications. From Dave Aitel's Foreword through the last appendix, this is the only book dedicated exclusively to detecting, exploiting, and preventing buffer overflow attacks.

CONTENTS OF THIS BOOK INCLUDE

Buffer Overflows: The Essentials

Understanding Shellcode

Writing Shellcode

Win32 Assembly

Case Study: FreeBSD NN Exploit Code

Case Study: xlockmore User Supplied Format String Vulnerability (CVE-2000-0763)

Case Study: FrontPage Denial of Service Utilizing WinSock

Stack Overflows

Heap Corruption

Format String Attacks

Windows Buffer Overflows

Case Study: cURL buffer overflow on Linux

Case Study: OpenSSL SSLv2 Malformed Client Key Remote Buffer Overflow Vulnerability (CAN-2002-0656)

Case Study: X11R6 4.2 XLOCALEDIR Overflow

Case Study: Microsoft MDAC Denial of Service

Case Study: Local UUX Buffer Overflow on HPUX

Finding Buffer Overflows in Source

Case Study: InlineEgg I

Case Study: InlineEgg II

Case Study: Seti@Home Exploit Code

Case Study: Microsoft CodeBlue Exploit Code

The Complete Data Conversion Table

Useful Syscalls

Additional Exploit References
