SBDA âsame bug, different appâ - Security Assessment
SBDA âsame bug, different appâ - Security Assessment
SBDA âsame bug, different appâ - Security Assessment
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Packet vs File<br />
• Both Are Data<br />
Both a packet and a file are methods of getting data to a target<br />
• File Data Is Still User Supplied Input<br />
This appears to be a common mistake<br />
“Why would somebody open a corrupt file?”<br />
• File Exploits Can Bypass Corporate Firewalls<br />
Vulnerabilities exploited through files that open automatically are<br />
especially dangerous<br />
• File Based Vulnerabilities Are Easier To Detect?<br />
Easier to automate the examination of files<br />
Possible to capture network traffic and examine packet dumps<br />
for strings that could be manipulated<br />
Copyright <strong>Security</strong>-<strong>Assessment</strong>.com 2005