The Art of Software Security Assessment

Archive for July, 2009

BlackHat 2009 Whitepaper: Attacking Interoperability

mark July 29th, 2009

Our BlackHat 2009 Whitepaper is now available here. Here we discuss the details of the stuff we are presenting, including the ATL vulnerabilities and Killbit bypass. We also discuss some vulnerability classes that are unique to interoperability layers - primarily type confusion and object retention.

Hope to see some of you in the talk!

BlackHat USA 2009 - Attacking Interoperability

mark July 17th, 2009

David Dewey, Ryan Smith, and myself are speaking at the upcoming BlackHat conference on Attacking Interoperability. I have written an overview of what our speech is going to contain and it is available on the ISS blog here.

The Book

This blog provides running commentary from Mark Dowd, John McDonald, and Justin Schuh, the authors of the book: The Art of Software Security Assessment. You can purchase a copy from Amazon, or directly from the publisher, Addison-Wesley, and peruse the sample chapter on C Language vulnerabilities.
Tags
- Errata (5)
- Discussion (31)
- Auditing (9)
  - Windows (6)
  - Unix (3)
  - C/C++ (9)
  - SQL (2)
  - Web (5)
- Spot the Vuln (2)
Archives
- July 2009 (2)
- November 2008 (2)
- October 2008 (1)
- August 2008 (2)
- June 2008 (1)
- May 2008 (1)
- April 2008 (2)
- February 2008 (2)
- January 2008 (2)
- August 2007 (1)
- July 2007 (1)
- April 2007 (1)
- February 2007 (6)
- January 2007 (6)
- December 2006 (13)

Continued ramblings on software security and code auditing

Archive for July, 2009

BlackHat 2009 Whitepaper: Attacking Interoperability

BlackHat USA 2009 - Attacking Interoperability

The Book

Tags

Archives