The Exploit Arms Race presented at OWASP BASC 2010

by Christien ( Dildog ) Rioux (Veracode ),

Tags: Security Exploitation Cyberwar


Summary : As defenses to exploits have become more sophisticated, so have the attacks required to circumvent them. A historical perspective will be presented, elaborating on the techniques used and the real reason why they were developed. Modern exploit technique has its roots in solving problems for the attacker, resulting in advanced exploits for the following categories of flaw: Stack Overflows, Heap Overflows, Cross-Site Scripting, SQL Injection, and Path Manipulations. Learn about the roots of techniques like Stack cookies/Stackguard/Run-Time Stack Checking, DEP and ASLR, from attacks like trampolining, return-oriented programming, the evolution of fuzzing techniques, static and dynamic analysis for both attacking software.

Christien ( Dildog ) Rioux: Christien Rioux is co-founder and chief scientist of Veracode, the world's only binary-analysis powered online application risk management service. Prior to Veracode, he was a founder at security consulting firm @stake, a member of the hacker think-tank L0pht Heavy Industries, and a graduate of Massachusetts Institute Of Technology. Today, he focuses on algorithms to automate the difficult task of reverse-engineering and analyzing binaries for security vulnerabilities.