Abstract: Praise for Exploiting Software " Exploiting Software highlights the most critical part of the software quality problem. As it turns out, software quality problems are a major contributing factor to computer security problems. Increasingly, companies large and small depend on software to run their businesses every day. The current approach to software quality and security taken by software companies, system integrators, and internal development organizations is like driving a car on a rainy day with worn-out tires and no air bags. In both cases, the odds are that something bad is going to happen, and there is no protection for the occupant/owner. This book will help the reader understand how to make software quality part of the design--a key change from where we are today!" -- Tony Scott Chief Technology Officer, IS&S General Motors Corporation "It's about time someone wrote a book to teach the good guys what the bad guys already know. As the computer security industry matures, books like Exploiting Software have a critical role to play." -- Bruce Schneier Chief Technology Officer Counterpane Author of Beyond Fear and Secrets and Lies " Exploiting Software cuts to the heart of the computer security problem, showing why broken software presents a clear and present danger. Getting past the 'worm of the day' phenomenon requires that someone other than the bad guys understands how software is attacked. This book is a wake-up call for computer security." -- Elinor Mills Abreu Reuters' correspondent "Police investigators study how criminals think and act. Military strategists learn about the enemy's tactics, as well as their weapons and personnel capabilities. Similarly, information security professionals need to study their criminals and enemies, so we can tell the difference between popguns and weapons of mass destruction. This book is a significant advance in helping the 'white hats' understand how the 'black hats' operate. Through extensive examples and 'attack patterns,' this book helps the reader understand how attackers analyze software and use the results of the analysis to attack systems. Hoglund and McGraw explain not only how hackers attack servers, but also how malicious server operators can attack clients (and how each can protect themselves from the other). An excellent book for practicing security engineers, and an ideal book for an undergraduate class in software security." -- Jeremy Epstein Director, Product Security & Performance webMethods, Inc. "A provocative and revealing book from two leading security experts and world class software exploiters, Exploiting Software enters the mind of the cleverest and wickedest crackers and shows you how they think. It illustrates general principles for breaking software, and provides you a whirlwind tour of techniques for finding and exploiting software vulnerabilities, along with detailed examples from real software exploits. Exploiting Software is essential reading for anyone responsible for placing software in a hostile environment--that is, everyone who writes or installs programs that run on the Internet." -- Dave Evans, Ph.D. Associate Professor of Computer Science University of Virginia "The root cause for most of today's Internet hacker exploits and malicious software outbreaks are buggy software and faulty security software deployment. In Exploiting Software, Greg Hoglund and Gary McGraw help us in an interesting and provocative way to better defend ourselves against malicious hacker attacks on those software loopholes. The information in this book is an essential reference that needs to be understood, digested, and aggressively addressed by IT and information security professionals everywhere." -- Ken Cutler, CISSP, CISA Vice President, Curriculum Development & Professional Services, MIS Training Institute "This book describes the threats to software in concrete, understandable, and frightening detail. It also discusses how to find these problems before the bad folks do. A valuable addition to every programmer's and security person's library!" -- Matt Bishop, Ph.D. Professor of Computer Science University of California at Davis Author of Computer Security: Art and Science "Whether we slept through software engineering classes or paid attention, those of us who build things remain responsible for achieving meaningful and measurable vulnerability reductions. If you can't afford to stop all software manufacturing to teach your engineers how to build secure software from the ground up, you should at least increase awareness in your organization by demanding that they read Exploiting Software. This book clearly demonstrates what happens to broken software in the wild." -- Ron Moritz, CISSP Senior Vice President, Chief Security Strategist Computer Associates " Exploiting Software is the most up-to-date technical treatment of software security I have seen. If you worry about software and application vulnerability, Exploiting Software is a must-read. This book gets at all the timely and important issues surrounding software security in a technical, but still highly readable and engaging, way. Hoglund and McGraw have done an excellent job of picking out the major ideas in software exploit and nicely organizing them to make sense of the software security jungle." -- George Cybenko, Ph.D. Dorothy and Walter Gramm Professor of Engineering, Dartmouth Founding Editor-in-Chief, IEEE Security and Privacy "This is a seductive book. It starts with a simple story, telling about hacks and cracks. It draws you in with anecdotes, but builds from there. In a f.

Abstract: "Imagine trying to play defense in football without ever studying offense. You would not know when a run was coming, how to defend pass patterns, nor when to blitz. In computer systems, as in football, a defender must be able to think like an attacker. I say it in my class every semester, you don't want to be the last person to attack your own system--you should be the first. "The world is quickly going online. While I caution against online voting, it is clear that online gaming is taking the Internet by storm. In our new age where virtual items carry real dollar value, and fortunes are won and lost over items that do not really exist, the new threats to the intrepid gamer are all too real. To protect against these hazards, you must understand them, and this groundbreaking book is the only comprehensive source of information on how to exploit computer games. Every White Hat should read it. It's their only hope of staying only one step behind the bad guys." --Aviel D. Rubin, Ph.D. Professor, Computer Science Technical Director, Information Security Institute Johns Hopkins University "Everyone's talking about virtual worlds. But no one's talking about virtual-world security. Greg Hoglund and Gary McGraw are the perfect pair to show just how vulnerable these online games can be." --Cade Metz Senior Editor PC Magazine "If we're going to improve our security practices, frank discussions like the ones in this book are the only way forward. Or as the authors of this book might say, when you're facing off against Heinous Demons of Insecurity, you need experienced companions, not to mention a Vorpal Sword of Security Knowledge." --Edward W. Felten, Ph.D. Professor of Computer Science and Public Affairs Director, Center for Information Technology Policy Princeton University "Historically, games have been used by warfighters to develop new capabilities and to hone existing skills--especially in the Air Force. The authors turn this simple concept on itself, making games themselves the subject and target of the 'hacking game,' and along the way creating a masterly publication that is as meaningful to the gamer as it is to the serious security system professional. "Massively distributed systems will define the software field of play for at least the next quarter century. Understanding how they work is important, but understanding how they can be manipulated is essential for the security professional. This book provides the cornerstone for that knowledge." ...

Abstract: "When it comes to software security, the devil is in the details. This book tackles the details." --Bruce Schneier, CTO and founder, Counterpane, and author of Beyond Fear and Secrets and Lies "McGraw's book shows you how to make the 'culture of security' part of your development lifecycle." --Howard A. Schmidt, Former White House Cyber Security Advisor "McGraw is leading the charge in software security. His advice is as straightforward as it is actionable. If your business relies on software (and whose doesn't), buy this book and post it up on the lunchroom wall." --Avi Rubin, Director of the NSF ACCURATE Center; Professor, Johns Hopkins University; and coauthor of Firewalls and Internet Security Beginning where the best-selling book Building Secure Software left off, Software Security teaches you how to put software security into practice.The software security best practices, or touchpoints, described in this book have their basis in good software engineering and involve explicitly pondering security throughout the software development lifecycle. This means knowing and understanding common risks (including implementation bugsand architectural flaws), designing for security, and subjecting all software artifacts to thorough, objective risk analyses and testing. Software Security is about putting the touchpoints to work for you. Because you can apply these touchpoints to the software artifacts you already produce as you develop software, you can adopt this book's methods without radically changing the way you work. Inside you'll find detailed explanations of Risk management frameworks and processes Code review using static analysis tools Architectural risk analysis Penetration testing Security testing Abuse case development In addition to the touchpoints, Software Security covers knowledge management, training and awareness, and enterprise-level software security programs. Now that the world agrees that software security is central to computer security, it is time to put philosophy into practice. Create your own secure development lifecycle by enhancing your existing software development lifecycle with the touchpoints described in this book. Let this expert author show you how to build more secure software by building security in.

Abstract: "Building Secure Software cuts to the heart of computer security to help you get security right the first time. If you are serious about computer security, you need to read this book, which includes essential lessons for both security professionals who have come to realize that software is the problem, and software developers who intend to make their code behave. Written for anyone involved in software development and use--from managers to coders--this book is your first step toward building more secure software. Building Secure Software provides expert perspectives and techniques to help you ensure the security of essential software. If you consider threats and vulnerabilities early in the development cycle you can build security into your system. With this book you will learn how to determine an acceptable level of risk, develop security tests, and plug security holes before software is even shipped"--Resource description page.

Abstract: This digital Short Cut, delivered in Adobe PDF format for quick and easy access, is an introduction to issues with cheating and anti-cheating countermeasures in the online gaming industry. At present, the online game World of Warcraft has approximately six million subscribers worldwide. At any given time, 500,000 people are logged in and playing. And while many of these players log countless hours engaged in the repetitive tasks required to accumulate points and acquire virtual money and tools-an activity called "grinding"-others would rather find a way to speed game-play along. So they cheat. Some write macros to grind for them while they are doing better things. Others find websites where they can purchase the ill-gotten gains of those macro-writers. Either way, big money is on the line when players cheat. A high rate of cheating upsets the online gaming economy and disrupts game play for everyone. If disgruntled players leave the game, then World of Warcraft's creator (Blizzard Entertainment) loses real subscribers and real money. With the stakes so high, it's not surprising that companies like Blizzard Entertainment take active steps to prevent cheating. But you may be surprised and upset to learn exactly what those measures are and how they might affect your PC. This digital Short Cut will discuss the methods gaming companies use to prevent cheating. You will learn how a program designed for World of Warcraft keeps watch of your game-play by scanning your computer for open processes and collecting information about you. We'll also show you how to run a program called the Governor to keep watch of the watchers and know exactly what Blizzard Entertainment is doing on your computer. After reading this Short Cut, you'll also have a much better understanding of the ethical and technical issues surrounding cheating and be able to make informed decisions about how much you want to grind and how much you want gaming companies to know about you. Cheating Online Games contains information that will appear in Greg Hoglund and Gary McGraw's forthcoming book, Exploiting Online Games (ISBN 0132271915), available summer/fall 2007. This Short Cut is fully self-contained and is an excellent place to start learning about technical issues in online gaming. Cheating Online Games (Digital Short Cut) · What This Short Cut Will Cover · A Brief History of Cheating · Defeating Piracy by Going Online · Or Not... · The Lawyer...