Book Review: Hacking, The Art of Exploitation

by Khalid Hosein on February 24, 2008

Now in its second edition and twice as long as the first edition, “Hacking, The Art of Exploitation“, introduces the reader very rapidly to programming, pseudo-code, the C language, then dives deeply into exploits, and their associated code. If you’ve ever wanted to know what a buffer overflow, spoofing or password cracking was, then this book will not only explain what those are at a more than cursory level, but give you code samples so that you can test it yourself.

I have not seen the 1st edition, so this review of this book stands alone. Although Hacking devotes about a quarter of the book to introducing programming, pseudo-code, as well as computer basics such as memory segments and the heap, don’t make the mistake that you will learn programming from this book alone. This book’s strength is in explaining why holes exist, what common ones are and then demonstrating how they can be exploited with appropriate code samples. This is not a book for ‘script kiddies’ who simply find pre-made exploit programs to run with a one-line command or a double-click of a mouse.

Ads

You can see the Table of Contents here [PDF], but Hacking goes into buffer overflows, employing both Perl and Bash scripting techniques, formating string vulnerabilities, networking holes, countermeasures and even cryptography. Despite a somewhat sensational title, the author, Jon Erickson, really does focus on what he sees an art. The art is in creating and writing elegant code that not only fulfills its goal, but does so in a clever, neat, non-brute forced way.

Of course, the eternal argument surrounding books and material such as this arises – that it is only enabling crackers to further damage computer systems, steal private data, etc. This is a weak argument of course. Those whose jobs are to protect computer systems and applications must understand these flaws and techniques in order to fix, prevent and protect against them. This does not only apply to computing, but to any other field where a ‘bad guy’ can take advantage of a system for their own selfish reasons. Once knowledge has been released, it becomes very difficult to put it back in its box. This book is just knowledge wrapped in a different package. We recommend you strongly consider this title if you would like to enter this field or add to your repertoire.

Price: $32.97
(Please note prices are subject to change and the listed price is correct to the best of our knowledge at the time of posting)