Security Warrior (英語) ペーパーバック – 2004/2
Kindle 端末は必要ありません。無料 Kindle アプリのいずれかをダウンロードすると、スマートフォン、タブレットPCで Kindle 本をお読みいただけます。
When it comes to network security, many users and administrators are running scared, and justifiably so. The sophistication of attacks against computer systems increases with each new Internet worm.What's the worst an attacker can do to you? You'd better find out, right? That's what Security Warrior teaches you. Based on the principle that the only way to defend yourself is to understand your attacker in depth, Security Warrior reveals how your systems can be attacked. Covering everything from reverse engineering to SQL attacks, and including topics like social engineering, antiforensics, and common attacks against UNIX and Windows systems, this book teaches you to know your enemy and how to be prepared to do battle.Security Warrior places particular emphasis on reverse engineering. RE is a fundamental skill for the administrator, who must be aware of all kinds of malware that can be installed on his machines -- trojaned binaries, "spyware" that looks innocuous but that sends private data back to its creator, and more. This is the only book to discuss reverse engineering for Linux or Windows CE. It's also the only book that shows you how SQL injection works, enabling you to inspect your database and web applications for vulnerability.Security Warrior is the most comprehensive and up-to-date book covering the art of computer war: attacks against computer systems and their defenses. It's often scary, and never comforting. If you're on the front lines, defending your site against attackers, you need this book. On your shelf--and in your hands.
"...brings a no-nonsense serious technical edge, as you'd expect from O'Reilly. This means lots of code examples to work with, and no patronising along the way..." - Davey Winder, PC Plus, Spring 04商品の説明をすべて表示する
Amazon.com で最も参考になったカスタマーレビュー (beta) （「Early Reviewer Program」のレビューが含まれている場合があります）
I enjoyed reading it and going down memory lane; however, security education is best experienced in the classroom of the Internet. A very dynamic topic that changes by the minute. Other than those criticisms, it had a good explanations of many vulnerabilities.
What the authors do is to give you the why and how of attacks and various threats, showing you some of the tools that can be used in these actions against you. The reader can then take these tools and turn them against the attackers, finding vulnerabilities first, and using other tools to counteract attacks and minimize damage. The first part looks at attacks at software, showing how reverse engineering can find out a lot more than might be planned as to how the program works. Things can get rather technical here but it's a great introduction to the mechanics of reverse engineering software and shows how someone could go looking for vulnerabilities, and finding out maybe not all the hows of the program, at least potential entry points in the software's operation.
Then it is on to OS and network security, with the focus on UNIX and some Windows Systems. The authors give some practical examples to explain what goes into attacks you commonly hear about - SQL Injection and Overflow attacks - but may not have seen demonstrated with examples. Many of the chapters and sections that are written about could and do fill whole books, but the authors do a very good job of balancing going beyond the surface of the topic without going too deeply down the technical details and examples to overwhelm or bore the reader. This is not a light, breeze through book, but a technical reference guide. It's one that I can see returning to again and again to help brush up understanding of certain topics as they are needed. This book is a very good starting point for overviewing the ideas as well as the mechanics of security attacks and to help you learn how to repulse them and become the security warrior. Know thy enemy is the necessity of the modern world.
This is an amazing book, covering an incredible amount of ground. I had a little trouble following some of the details on IDA Pro, but the authors were very responsive and helpful. This is the kind of book You'll want to read and re-read. I've got the chapters on software Reversing dog-eared already. The book is very well organized and well worth the investment.
I had to stop reading this in the buffer overflow chapter. Highlights include the flawed interpretation of the error message from when bigmac() returned (it returned to non-mapped memory, the book says it read past the end of a string); the horrible explanation of how buffers work (buffers are not simple variables, and variables do not allocate multiple chunks of memory for themselves as explained); and the incorrect description of the return-to-text attack (returned to existing code, but the book says it's run code you injected onto the stack). After reading a stream of these such inaccuracies, I stopped looking for something that actually came out right.
The buffer overflow chapter can easily be replaced with Hacking: The Art of Exploitation. Read that instead. It's also got better networking and WEP attack explanations.