Documentations, Manuals, Guides, Books...

Security

The Art of Computer Virus Research and Defense

Symantec's chief antivirus researcher has written the definitive guide to contemporary virus threats, defense techniques, and analysis tools. Unlike most books on computer viruses, The Art of Computer Virus Research and Defense is a reference written strictly for white hats: IT and security professionals responsible for protecting their organizations against malware. Peter Szor systematically covers everything you need to know, including virus behavior and classification, protection strategies, antivirus and worm-blocking techniques, and much more.

Szor presents the state-of-the-art in both malware and protection, providing the full technical detail that professionals need to handle increasingly complex attacks. Along the way, he provides extensive information on code metamorphism and other emerging techniques, so you can anticipate and prepare for future threats.

Szor also offers the most thorough and practical primer on virus analysis ever published—addressing everything from creating your own personal laboratory to automating the analysis process. This book's coverage includes

  • Discovering how malicious code attacks on a variety of platforms

  • Classifying malware strategies for infection, in-memory operation, self-protection, payload delivery, exploitation, and more

  • Identifying and responding to code obfuscation threats: encrypted, polymorphic, and metamorphic

  • Mastering empirical methods for analyzing malicious code—and what to do with what you learn

  • Reverse-engineering malicious code with disassemblers, debuggers, emulators, and virtual machines

  • Implementing technical defenses: scanning, code emulation, disinfection, inoculation, integrity checking, sandboxing, honeypots, behavior blocking, and much more

  • Using worm blocking, host-based intrusion prevention, and network-level defense strategies

 
 
 
Hacking: The Art of Exploitation

Hacking is the art of creative problem solving, whether used to find an unconventional solution to a difficult problem or to exploit holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation that a hacker needs to be successful. Hacking: The Art of Exploitation explains things that every real hacker should know.

While many hacking books show you how to run other people's exploits without really explaining the technical details, Hacking: The Art of Exploitation introduces you to the spirit and theory of hacking as well as the science behind it all. By learning some of the core techniques and clever tricks of hacking, you will begin to understand the hacker mindset. Once you learn to think like a hacker, you can write your own hacks and innovate new techniques, or you can thwart potential attacks on your system.

 
 
 
Hacker Web Exploitation Uncovered

A description and analysis of the vulnerabilities caused by programming errors in Web applications, this book is written from both the attacker's and the security specialist's perspective. It covers detecting, investigating, exploiting, and eliminating vulnerabilities in Web applications, as well as errors such as PHP source code injection, SQL injection, and XSS. It describes the most common vulnerabilities in PHP and Perl scripts and methods of exploiting these weaknesses, along with information on writing intersite scripts and secure systems for the hosted sites, creating secure authorization systems, and bypassing authorization. It also explains how attackers can benefit from the hosted target and why an apparently normal-working application might be vulnerable.

 
 
 
Secure Coding: Principles and Practices

Practically every day, we read about a new type of attack on computer systems and networks. Viruses, worms, denials of service, and password sniffers are attacking all types of systems -- from banks to major e-commerce sites to seemingly impregnable government and military computers -- at an alarming rate.

Despite their myriad manifestations and different targets, nearly all attacks have one fundamental cause: the code used to run far too many systems today is not secure. Flaws in its design, implementation, testing, and operations allow attackers all-too-easy access.

Secure Coding, by Mark G. Graff and Ken van Wyk, looks at the problem of bad code in a new way. Packed with advice based on the authors' decades of experience in the computer security field, this concise and highly readable book explains why so much code today is filled with vulnerabilities, and tells readers what they must do to avoid writing code that can be exploited by attackers. Writing secure code isn't easy, and there are no quick fixes to bad code. To build code that repels attack, readers need to be vigilant through each stage of the entire code lifecycle:

  • Architecture: during this stage, applying security principles such as "least privilege" will help limit even the impact of successful attempts to subvert software.
  • Design: during this stage, designers must determine how programs will behave when confronted with fatally flawed input data. The book also offers advice about performing security retrofitting when you don't have the source code -- ways of protecting software from being exploited even if bugs can't be fixed.
  • Implementation: during this stage, programmers must sanitize all program input (the character streams representing a program's entire interface with its environment -- not just the command lines and environment variables that are the focus of most security analysis).
  • Testing: during this stage, programs must be checked using both static code checkers and runtime testing methods -- for example, the fault injection systems now available to check for the presence of such flaws as buffer overflow.
  • Operations: during this stage, patch updates must be installed in a timely fashion. In early 2003, sites that had diligently applied Microsoft SQL Server updates were spared the impact of the Slammer worm that did serious damage to thousands of systems.

Beyond the technical, Secure Coding sheds new light on the economic, psychological, and sheer practical reasons why security vulnerabilities are so ubiquitous today. It presents a new way of thinking about these vulnerabilities and ways that developers can compensate for the factors that have produced such unsecured software in the past. It issues a challenge to all those concerned about computer security to finally make a commitment to building code the right way.

 
 
 
Innocent Code: A Security Wake-Up Call for Web Programmers

This concise and practical book will show where code vulnerabilities lie and how best to fix them. Its value is in showing where code may be exploited to gain access to - or break - systems, but without delving into specific architectures, programming or scripting languages or applications. It provides illustrations with real code.

Innocent Code is an entertaining read showing how to change your mindset from website construction to website destruction so as to avoid writing dangerous code. Abundant examples from susceptible sites will bring the material alive and help you to guard against:

  • SQL Injection, shell command injection and other attacks based on mishandling meta-characters
  • bad input
  • cross-site scripting
  • attackers who trick users into performing actions
  • leakage of server-side secrets
  • hidden enemies such as project deadlines, salesmen, messy code and tight budgets

All web programmers need to take precautions against producing websites vulnerable to malicious attack. This is the book which tells you how without trying to turn you into a security specialist.

 
 
 
Internet Denial of Service: Attack and Defense Mechanisms

Suddenly your Web server becomes unavailable. When you investigate, you realize that a flood of packets is surging into your network. You have just become one of the hundreds of thousands of victims of a denial-of-service attack, a pervasive and growing threat to the Internet. What do you do? Internet Denial of Service sheds light on a complex and fascinating form of computer attack that impacts the confidentiality, integrity, and availability of millions of computers worldwide. It tells the network administrator, corporate CTO, incident responder, and student how DDoS attacks are prepared and executed, how to think about DDoS, and how to arrange computer and network defenses. It also provides a suite of actions that can be taken before, during, and after an attack. Inside, you'll find comprehensive information on the following topics:

  • How denial-of-service attacks are waged
  • How to improve your network's resilience to denial-of-service attacks
  • What to do when you are involved in a denial-of-service attack
  • The laws that apply to these attacks and their implications
  • How often denial-of-service attacks occur, how strong they are, and the kinds of damage they can cause
  • Real examples of denial-of-service attacks as experienced by the attacker, victim, and unwitting accomplices

The authors' extensive experience in handling denial-of-service attacks and researching defense approaches is laid out clearly in practical, detailed terms.

 