The Art of Software Security Assessment

Blackhat USA 2007

mark July 9th, 2007

Hi there!

We would like to announce that we will be speaking at Blackhat in Las Vegas (beginning August 1) this year on the topic of C++. The basic premise for the speech is this: Most security literature about vulnerability analysis (or secure programming) for C/C++ tends to only address potential problems that can occur in C (dangerous API calls, integer overflows, pointer arithmetic, and so on). While these problems also affect C++, it is very rare that C++-specific problems are dealt with at all. As such, we are going to speak to a few problems that are specific to C++ and C++ runtime environments. There is too much material to address every potential problem that can occur in C++ in the time we have, but some of the things we intend to cover include VLA’s, the STL, and exception handling. So, if this sounds like your cup of tea, swing by and check it out!

We will also be doing a book signing on the first day of BlackHat at 12.30 PM.

Hope to see you there!

Discussion , Auditing , C/C++

Permanent Link | Trackback URI | Comments RSS

The Book

This blog provides running commentary from Mark Dowd, John McDonald, and Justin Schuh, the authors of the book: The Art of Software Security Assessment. You can purchase a copy from Amazon, or directly from the publisher, Addison-Wesley, and peruse the sample chapter on C Language vulnerabilities.
Tags
- Errata (5)
- Discussion (23)
- Auditing (9)
  - Windows (6)
  - Unix (3)
  - C/C++ (9)
  - SQL (2)
  - Web (5)
- Spot the Vuln (2)
Archives
- June 2008 (1)
- May 2008 (1)
- April 2008 (2)
- February 2008 (2)
- January 2008 (2)
- August 2007 (1)
- July 2007 (1)
- April 2007 (1)
- February 2007 (6)
- January 2007 (6)
- December 2006 (13)

The Art of Software Security Assessment

Continued ramblings on software security and code auditing

Blackhat USA 2007

Leave a Reply

The Book

Tags

Archives