The Art of Software Security Assessment

Archive for April, 2008

CansecWest Slides

mark April 22nd, 2008

Hey there,

As we mentioned a while ago on this blog, John and I presented at CansecWest on finding vulnerabilities in Windows media software. We have uploaded the slides now to our website, and you can download them here.

Exploiting Flash Reliably

mark April 12th, 2008

Adobe released a patch recently for the Flash Player application that addresses several vulnerabilities, one of which I discovered. Although it initially seemed like the ability to exploit this bug was fairly limited, I found an interesting methodology that I was able to use to reliably exploit the bug. I have documented the details of it for interested readers here.

Enjoy!

The Book

This blog provides running commentary from Mark Dowd, John McDonald, and Justin Schuh, the authors of the book: The Art of Software Security Assessment. You can purchase a copy from Amazon, or directly from the publisher, Addison-Wesley, and peruse the sample chapter on C Language vulnerabilities.
Tags
- Errata (5)
- Discussion (31)
- Auditing (9)
  - Windows (6)
  - Unix (3)
  - C/C++ (9)
  - SQL (2)
  - Web (5)
- Spot the Vuln (2)
Archives
- July 2009 (2)
- November 2008 (2)
- October 2008 (1)
- August 2008 (2)
- June 2008 (1)
- May 2008 (1)
- April 2008 (2)
- February 2008 (2)
- January 2008 (2)
- August 2007 (1)
- July 2007 (1)
- April 2007 (1)
- February 2007 (6)
- January 2007 (6)
- December 2006 (13)

Continued ramblings on software security and code auditing

Archive for April, 2008

CansecWest Slides

Exploiting Flash Reliably

The Book

Tags

Archives