Exploiting
Software:
How to Break Code
"Software Quality Management solutions"
Commercial security is reactive
Making software behave is hard
Attaining software security is even harder
Modern security is about managing risks
Security problems are complicated
BUG: The dreaded buffer overflow
Pervasive C problems lead to BUGS
FLAW: Architectural problems with Java
Attackers do not distinguish bugs and flaws
Attacker’s toolkit: dissasemblers and decompilers
Attacker’s toolkit: control flow and coverage
Attacker’s toolkit: breakpoints
Attacker’s toolkit: the buffer overflow
Attacker’s toolkit: shell code and other payloads
Attacker’s toolkit: other miscellaneous tools
Attack pattern 1:
Make the client invisible
Attack pattern 2:
Command delimiters
Attack pattern 3:
Cross site scripting
Software security critical lessons
Ten guiding principles for secure design
The antidote: Software security in the SDLC