The chapter below walks you through the process of providing network intrusion detection system (IDS) coverage for a security vulnerability from start to finish, using practical examples and highlighting popular and useful open source tools. 

After the process is introduced, author Ryan Trost focuses on how to write Snort signatures for more complex vulnerabilities by using features such as flowbits, Perl-Compatible Regular Expressions (PCRE), and the relatively new shared object rules, which allow the Snort intrusion detection system to leverage all the power of the C programming language. Throughout the rest of the book, Trost offers more true-life lessons learned from his network penetration testing work. See sidebar below to listen to an interview with the author.

Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century
Chapter 4: Lifecycle of a vulnerability

Table of contents: