Why bother assessing popular software? presented at BSidesUK 2015

by David Middlehurst, James Loureiro

Summary: Many popular software packages have gone through many iterations of white-box and black-box testing, raising the bar for attackers. Over time the security controls become more effective; however, these software packages have large, evolving attack surfaces.
In this talk we discuss a case study which includes how we approached assessing Adobe Reader, how we made progress, and why it is worth investing the time and effort in targets such as this. We discuss fuzzing and the sandbox, and delve into the JavaScript API. A refreshing look into how we can make a difference by looking at complex targets.