Mark Dowd, John Mcdonald & Neel Mehta: Breaking C++ Applications
MP4•Home de episódios
Manage episode 152211985 series 1053194
Conteúdo fornecido por Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.. Todo o conteúdo do podcast, incluindo episódios, gráficos e descrições de podcast, é carregado e fornecido diretamente por Black Hat Briefings, USA 2007 [Video] Presentations from the security conference. ou por seu parceiro de plataforma de podcast. Se você acredita que alguém está usando seu trabalho protegido por direitos autorais sem sua permissão, siga o processo descrito aqui https://pt.player.fm/legal.
This presentation addresses the stated problem by focusing specifically on C++-based security, and outlines types of vulnerabilities that can exist in C++ applications. It will examine not only the base language, but also covers APIs and auxillary functionality provided by common platforms, primarily the contemporary Windows OSs. The topics that will be addressed in this presentation include object initialization/destruction, handling object arrays, implications of operator overloading, and problems arising from implementing exception handling functionality. Various STL classes will also be discussed in terms of how they might be susceptible to misuse, and unexpected quirks that can manifest as security problems. This presentation will include discussion of bug classes that have yet to be discussed or exploited in a public forum (to our knowledge) for the topic areas outlined.
…
continue reading
89 episódios