Mark Dowd, John Mcdonald & Neel Mehta: Breaking C++ Applications
Manage episode 152211985 series 1053194
Contenuto fornito da Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.. Tutti i contenuti dei podcast, inclusi episodi, grafica e descrizioni dei podcast, vengono caricati e forniti direttamente da Black Hat Briefings, USA 2007 [Video] Presentations from the security conference. o dal partner della piattaforma podcast. Se ritieni che qualcuno stia utilizzando la tua opera protetta da copyright senza la tua autorizzazione, puoi seguire la procedura descritta qui https://it.player.fm/legal.
This presentation addresses the stated problem by focusing specifically on C++-based security, and outlines types of vulnerabilities that can exist in C++ applications. It will examine not only the base language, but also covers APIs and auxillary functionality provided by common platforms, primarily the contemporary Windows OSs. The topics that will be addressed in this presentation include object initialization/destruction, handling object arrays, implications of operator overloading, and problems arising from implementing exception handling functionality. Various STL classes will also be discussed in terms of how they might be susceptible to misuse, and unexpected quirks that can manifest as security problems. This presentation will include discussion of bug classes that have yet to be discussed or exploited in a public forum (to our knowledge) for the topic areas outlined.
…
continue reading
89 episodi