Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Innehåll tillhandahållet av Black Hat/ CMP Media, Inc. and Jeff Moss. Allt poddinnehåll inklusive avsnitt, grafik och podcastbeskrivningar laddas upp och tillhandahålls direkt av Black Hat/ CMP Media, Inc. and Jeff Moss eller deras podcastplattformspartner. Om du tror att någon använder ditt upphovsrättsskyddade verk utan din tillåtelse kan du följa processen som beskrivs här https://sv.player.fm/legal.
Player FM - Podcast-app
Gå offline med appen Player FM !
Gå offline med appen Player FM !
Jeff Morin: Type Conversion Errors: How a Little Data Type Can Do a Whole Lot of Damage
MP3•Episod hem
Manage episode 153226778 series 1085097
Innehåll tillhandahållet av Black Hat/ CMP Media, Inc. and Jeff Moss. Allt poddinnehåll inklusive avsnitt, grafik och podcastbeskrivningar laddas upp och tillhandahålls direkt av Black Hat/ CMP Media, Inc. and Jeff Moss eller deras podcastplattformspartner. Om du tror att någon använder ditt upphovsrättsskyddade verk utan din tillåtelse kan du följa processen som beskrivs här https://sv.player.fm/legal.
In the realm of application testing, one of the major, but most often overlooked vulnerabilities, is that of type conversion errors. These errors result from input variable values being used throughout the many areas and codebases that make up the application, and in doing so, are potentially treated as different data types throughout the processing. The application functions correctly and without issue because the values of the input variable are anticipated, even though they are treated in different areas as different data types. The issue arises then when a value is input into one of these variables that is crafted in such a way as to be successfully manipulated by some data types, while failing others, resulting in the application behaving in unanticipated and potentially dangerous ways. These vulnerabilities are much more difficult to identify than simple error-based SQL injection or XSS as they don't readily display success or failure, rather can manifest themselves in other areas or at a later time. This also makes them very dangerous in that the application behaves in completely unanticipated ways, potentially resulting in circumvented authentication and authorization, Denial of Service, elevated privileges, etc.
This talk explores the security pitfalls that result from type conversion errors, how to identify them, and proposes some solutions for identification going forward.
…
continue reading
This talk explores the security pitfalls that result from type conversion errors, how to identify them, and proposes some solutions for identification going forward.
89 episoder
Jeff Morin: Type Conversion Errors: How a Little Data Type Can Do a Whole Lot of Damage
Black Hat Briefings, USA 2007 [Audio] Presentations from the security conference.
MP3•Episod hem
Manage episode 153226778 series 1085097
Innehåll tillhandahållet av Black Hat/ CMP Media, Inc. and Jeff Moss. Allt poddinnehåll inklusive avsnitt, grafik och podcastbeskrivningar laddas upp och tillhandahålls direkt av Black Hat/ CMP Media, Inc. and Jeff Moss eller deras podcastplattformspartner. Om du tror att någon använder ditt upphovsrättsskyddade verk utan din tillåtelse kan du följa processen som beskrivs här https://sv.player.fm/legal.
In the realm of application testing, one of the major, but most often overlooked vulnerabilities, is that of type conversion errors. These errors result from input variable values being used throughout the many areas and codebases that make up the application, and in doing so, are potentially treated as different data types throughout the processing. The application functions correctly and without issue because the values of the input variable are anticipated, even though they are treated in different areas as different data types. The issue arises then when a value is input into one of these variables that is crafted in such a way as to be successfully manipulated by some data types, while failing others, resulting in the application behaving in unanticipated and potentially dangerous ways. These vulnerabilities are much more difficult to identify than simple error-based SQL injection or XSS as they don't readily display success or failure, rather can manifest themselves in other areas or at a later time. This also makes them very dangerous in that the application behaves in completely unanticipated ways, potentially resulting in circumvented authentication and authorization, Denial of Service, elevated privileges, etc.
This talk explores the security pitfalls that result from type conversion errors, how to identify them, and proposes some solutions for identification going forward.
…
continue reading
This talk explores the security pitfalls that result from type conversion errors, how to identify them, and proposes some solutions for identification going forward.
89 episoder
Tüm bölümler
×Välkommen till Player FM
Player FM scannar webben för högkvalitativa podcasts för dig att njuta av nu direkt. Den är den bästa podcast-appen och den fungerar med Android, Iphone och webben. Bli medlem för att synka prenumerationer mellan enheter.