Book Review-- Hacking: The Art of Exploitation, 2nd Edition

ITworld.com –

Hacking: The Art of Exploitation, 2nd Edition (Jon Erickson, No Starch Press, 2008) is an intense, thorough and extremely well written book that can take you from basic hacking concepts to building your own security code in a surprisingly short time. It is probably the best book to read if you want a thorough understanding of diverse hacking techniques, especially if you know enough about programming to put some of what you learn into practice -- not for hacking, I would hope, but to use the same skills for vulnerability testing and the same knowledge for protecting your network.

The book consistently provides clear, yet detailed, explanations. In its eight chapters, it lays a groundwork for understanding the basic methods of hacking (identifying and exploiting weaknesses in deployed code) and follows through with details on how specific flaws lead to specific attacks. The author also presents very useful countermeasures -- those that detect exploits and those that deflect them.

Chapter 1, Introduction, sets the expectations for the rest of the book. It introduces the complex, low-level workings of computers in a manner that most high-level users are likely to find quite illuminating.

Chapter 2 focuses on programming. Some of this early material may seem more detailed than necessary for those who have been programming for a long time, but it doesn't insult the reader by being too introductory. By the end of the chapter, the reader is already getting his feet wet with sample code and a solid expectation of what the following chapters on methods and means will provide.

Chapter 3 might be said to be the real meat of the text. It introduces all types of hacking exploits, from stack and heap buffer overflows to denial of service attacks, TCP/IP hijacking, port scanning and more. If these are vague concepts to you, they certainly will no longer be once you have finished this book.

Chapter 4 addresses network-related attacks. It starts with basic explanations of OSI layers, sockets and such, then carries through with how network concepts lead to hacking exploits.

Chapters 5 through 7 cover shellcode (the payload in the exploitation of a particular vulnerability), countermeasures and cryptography.

Chapter 8 wraps up the wide and detailed scope of the book with some key take-home messages.

I found the approach of the book, starting with basic explanations of flaws and exploits, moving through programming and then centering on specific exploitation techniques, to be very effective. Some older exploits (like the ping of death) might no longer be cause for concern, but the historical implications of flaws once exploited and eventually thwarted may help the reader to understand how systems and firewalls have evolved as a consequence. The dissections of hacking techniques are nothing short of excellent.

You can learn such things as how to corrupt system memory and run arbitrary code via buffer overflows and format strings. You will see how to go about outsmarting common security measures used with intrusion detection systems. You will learn how to use a debugger to read processor registers and memory contents. You might even learn to crack certain encryption protocols. Whether you are a sysadmin or a programmer, you are likely to leave this book with a renewed sense of the importance of defensive coding techniques.

The book includes a LiveCD -- a complete Linux programming and debugging environment that you can run without modifying your working operating system. This means you can actually debug code, overflow buffers, hijack network connections, get around protections set up to trip you up, exploit cryptographic weaknesses and devise your own hacking tools if you feel like experimenting.

At nearly twice the size of the first edition, this book is a bargain and a must-have for anyone who wants to understand the ins and outs of hacking.

Just as the day that I locked myself out of my house put me in an altogether different mindset regarding its penetrability, this book will dramatically change your view of system security.

This story, "Book Review-- Hacking: The Art of Exploitation, 2nd Edition" was originally published by ITworld.

Copyright © 2008 IDG Communications, Inc.