AppSec Blog

Social Zombies: Your Friends Want to Eat your Brains Webcast

Kevin Johnson will be giving a cool webcast called "Social Zombies" where he "explores the various concerns related to malware delivery through social network sites. Ignoring the FUD and confusion being sowed today, this presentation will examine the risks and then present tools that can be used to exploit these issues. We discuss how social …


Top 25 Series - Rank 22 - Allocation of Resources Without Limits or Throttling

A number of years ago I was conducting a black box test of a fairly large web application. As part of this testing I used an automated script to send malicious inputs to a number of forms on the site in question. I sent a lot of requests. Turned out that, under the covers, the …


Top 25 Series - Rank 18 - Incorrect Calculation of Buffer Size

Incorrect Calculation of Buffer Size (CWE-131) is another shameful member of the buffer overflow family. A buffer overflow is generally caused by copying or moving a piece of data into a smaller memory location, overwriting important data in memory and corrupting the execution path of the program. The most basic case of buffer …


Top 25 Series - Rank 17 - Integer Overflow Or Wraparound

The author discusses integers, wraparound, and how random numbers may very well be non-random if you don't know how to read the manual.


Top 25 Series - Rank 16 - Information Exposure Through an Error Message

Error messages can leak everything from full path names to passwords. A user should never be exposed to them, unless you expect them to fix the problem for you.