gail said
Very little useful information that can't be found through free resources on the web or your own investigations. The book jumps from topic to topic providing only a cursory look at basic investigitory techniques. I'm amazed it got published at all given the rather sophomoric approach to a difficult subject. I was expecting detailed strategy and tactics for decompiling java classes and instead ended up with what reads like someone's blog of ideas or musings on the subject. Not very professional.
Yurie Nagorny said
If you are looking for java fundamentals, this is a wrong book. However, if you want to broaden your horizons on various practical techniques of working with java, this is an excellent source. The information in the book is offered in a condensed form with good amount of real-world examples and recomendations/comparisons of various tools. I enjoyed reading this book and I recommend it to everyone who wants to jump start their practical knowledge of things listed in the book's title.
Brian P. Marshall said
Book was on time and in excellent (new) condition. 5 big fat stars!
Charles Ashbacher said
I know that I am reading a high quality computer book when I absolutely have to stop and try the code examples. When I have to download a tool in order to execute the code, then it truly is a book to behold. That happened with this book. As I began reading chapter 2 on decompiling Java bytecode, I immediately went online and downloaded some of the tools. It was a fascinating and also disturbing experience. Java bytecode is of course not in a machine-specific executable form, so it is relatively easy to reconstruct the original source code. From this point on, examples of decompiling Java bytecode will be part of my class on computer security.
The topic of chapter 3 is obfuscating classes, something that I already cover in my security class. However, I derived several new ideas for examples from this section. Chapter 4, "Hacking Non-public Methods and Variables of a Class" was one I found fascinating, although somewhat obvious in retrospect. For years, I have used an example of accessing the private components of a C++ object in my classes, and now I will be dong something similar in my Java classes.
Chapter 7, "Manipulating Java Security", which demonstrated how easy it is to bypass security checks, was fascinating, another demonstration of the level of vigilance needed to keep our computers safe from the malicious entities. The remaining chapters are:
* Chapter 5 Replacing and patching application classes.
* Chapter 6 Using effective tracing.
* Chapter 8 Snooping the runtime environment.
* Chapter 9 Cracking code with unorthodox debuggers.
* Chapter 10 Using profilers for application runtime analysis.
* Chapter 11 Load-testing to find and fix scalability problems.
* Chapter 12 Reverse engineering applications.
* Chapter 13 Eavesdropping techniques.
* Chapter 14 Controlling class loading.
* Chapter 15 Replacing and patching application classes.
* Chapter 16 Intercepting control flow.
* Chapter 17 Understanding and tweaking bytecode.
* Chapter 18 Total control with native code patching.
* Chapter 19 Protecting commercial applications from hacking.
There is no doubt that there is enough knowledge in this book to allow you to hack Java applications. Therefore, there will be those who consider it dangerous. My opinion is that someone with the hacker mentality will find the knowledge and use it. To criticize a book because it concentrates the knowledge misses the point of how hackers should be battled. To defeat hackers you must learn how to hack code and perform due diligence by making all the changes that will make it hard to do.
I learned a great deal from this book. Some of it was general, in that I had not realized how unsecure Java bytecode is. Most of my new knowledge was specific; I learned many different things that can be done to fix bad code, whether the problems are in code failure or in lack of security.
Anonymous said
May be my expectations were too high but I was kind of disappointed by this book.
I was hoping to find things like getting a thread dump programmatically and more useful examples.
I think that this book is for beginners to intermediate level not for advanced level developers.
Comments