Extreme Exploits: Advanced Defenses Against Hardcore Hacks (Hacking Exposed)

Overview

The trust you place in your software is often a blind faith. Many of the people I speak with on a regular basis about computer security and software have developed a love-hate relationship with their software vendor(s). Who would have thought we would need a whole new classification of software dubbed malware, the term now used to describe malicious software designed to take control of your system, steal your confidential information, corrupt your data, distribute unsolicited e-mail, attack or infect other systems on your network, or simply spray systems on the Internet with random packets or targeted denial-of-service attacks? These problems are primarily the result of specific vulnerabilities in the software you use (or develop yourself). Oftentimes they are manifested by loose boundaries and constraints in your software, inappropriate assumptions when allocating memory or receiving input from sources outside of the program, or simply unconsidered decisions about the activity or privileges of the software; in other words, bugs. However, they are also the result of users not being informed as to what these vulnerabilities really mean, and of having higher expectations of our software vendors than we should have.

We'll explore the most critical vulnerabilities that exist in many applications today and highlight some of the new attacks that are sure to become more common in the future. Although we do not intend to provide an exhaustive list or discussion of every possible area of weakness, we hope this information will assist you in finding these errors in your own programs or in understanding how these vulnerabilities came to exist within the applications on which you rely.

This chapter will provide information on the following:

Note

Some of the more detailed technical information (in case you want to skip straight to it) is focused within the section entitled "Threats and Vulnerabilities." But we encourage you to consider the first section, "Application Attack Vectors," for a more complete introduction.
