Win a copy of Kotlin in Action this week in the Kotlin forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Exploiting Software: How to Break Code by Greg Hoglund and Gary McGraw  RSS feed

Book Review Team
Posts: 962
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
<pre>Author/s : Greg Hoglund and Gary McGraw
Publisher : Addison-Wesley
Category : Other
Review by : Ernest Friedman-Hill
Rating : 6 horseshoes
"Exploiting Software" purports to be a book aimed at helping software professionals understand the security risks they face; it uses the pedagogical device of teaching how software can be attacked to achieve the goal of explaining how secure software should be built. Unfortunately, I think it fails both as a guide to building secure software and as a guide to being a black hat hacker.
Most of "Exploiting Software" reads more like a book proposal than a completed work: too detailed in places (do we really need a dozen pages on writing plugins for the IDA Pro Disassembler?), not detailed enough in others, and generally not well organized. Far too often, the reader is simply told that an exploit exists, and is then directed to the original source for details. Worse, the original sources are often white papers, personal web sites, and conference proceedings -- things that are either hard to obtain, unlikely to be available for long, or both. As a result, the reader learns nothing.
The preface to "Exploiting Software" explains that this is a companion volume to "Building Secure Software," written by the same Gary McGraw with another co-author, and this helps to explain the main failings of this book. While the last two chapters, "Buffer overflow" and "Rootkits", are better than the rest -- they provide plenty of concrete details -- two chapters aren't enough to vindicate this fairly shallow work. For $49.99, I expect a book that can stand on its own.

More info at
More info at
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!