Friday, 11 April 2008
Reliable exploitation of software vulnerabilities has continued to become more difficult as formidable mitigations have been established and are now included by default with most modern operating systems. Future exploitation of software vulnerabilities will rely on either discovering ways to circumvent these mitigations or uncovering flaws that are not adequately protected. Since the majority of the mitigations that exist today lack universal bypass techniques, it has become more fruitful to take the latter approach. It is in this vein that this paper introduces the concept of exploitation properties and describes how they can be used to better understand the exploitability of a system irrespective of a particular vulnerability. Perceived exploitability is of utmost importance to both an attacker and to a defender given the presence of modern mitigations. The ANI vulnerability (MS07-017) is used to help illustrate these points by acting as a simple example of a vulnerability that may have been more easily identified as code that should have received additional scrutiny by taking exploitation properties into consideration.
Wednesday, 7 November 2007
What Every Engineer Needs to Know About Web Security and Where to Learn It
Presenter: Neil Daswani
Posted by V for Vlamenoi ;) at 7.11.07
Labels: cross-site scripting, sql injection, web software security
Monday, 5 November 2007
Analysis of Compromised Linux Server
These slides demonstrate the process used to analyze a compromised (hacked) Linux Server.
How not to get hacked!
The common ways that web applications can be attacked and what you need to do to prevent them.
Posted by V for Vlamenoi ;) at 5.11.07
Labels: file uploads, javascript injection, sql injection, web