How are client security vulnerabilities usually detected?

I mean in operating systems or their applications. The only way I can think of is to examine the binaries for the use of dangerous functions like strcpy() and then try to use them. Although with the improvement of compilers, for example Visual Studio's /GS, this should mainly be a thing of the past. Or am I wrong?

What other methods do people use to search for vulnerabilities? Just load your target into the debugger, then send unexpected input and see what happens? This seems like a long and tedious process.

Can anyone recommend some good books or websites on this subject?

Thanks in advance.

+3
2 answers

There are two main problems with Client Side Security.

The most common client being exploited today is the browser (“Drive By Downloads”). Memory vulnerabilities are most often to blame. ActiveX COM objects were a common path on Windows, and AxMan is a good ActiveX fuzzer.

/GS - , , . , EIP. NX - , ASLR , ASLR . . IE 8 Windows 7 , , pwn2own, , .

" " CWE-602: , (, ) , -.

. WireShark - - /. TamperData - , , Flash JavaScript. , , , - , , , , .

. . Flash , . - , , OllyDBG, . IDA-Pro - C/++.

+2
0

Source: https://habr.com/ru/post/1749859/

