The black hats have kept up with security enhancements. Have you? In the technological arena
three years is a lifetime. Since the first edition of this book was published in 2004 built-in
security measures on compilers and operating systems have become commonplace but are still far
from perfect. Arbitrary-code execution vulnerabilities still allow attackers to run code of
their choice on your system--with disastrous results. In a nutshell this book is about code
and data and what happens when the two become confused. You'll work with the basic building
blocks of security bugs--assembler source code the stack the heap and so on. You'll
experiment explore and understand the systems you're running--and how to better protect them.
* Become familiar with security holes in Windows Linux Solaris Mac OS X and Cisco's IOS *
Learn how to write customized tools to protect your systems not just how to use ready-made
ones * Use a working exploit to verify your assessment when auditing a network * Use
proof-of-concept exploits to rate the significance of bugs in software you're developing *
Assess the quality of purchased security products by performing penetration tests based on the
information in this book * Understand how bugs are found and how exploits work at the lowest
level
