Exploiting Software: How to Break Code
Commercial security is reactive
Attaining software security gets harder
Normalized (and slightly shifted) data from Geer
The good news and the bad news
Security problems are complicated
Attackers do not distinguish bugs and flaws
Attacker’s toolkit: disassemblers and decompilers
Attacker’s toolkit: control flow and coverage
Attacker’s toolkit: buffer overflow foo
Attacker’s toolkit: shell code and other payloads
Attacker’s toolkit: other miscellaneous tools
Attack pattern 1: Make the client invisible
Software security critical lessons
Ten guiding principles for secure design
Software security in <any> SDLC
Software security best practices