
Re: [WEB SECURITY] Re: Jeremiah Grossman writes about buffer overflow myths




Did you read the article or did you just base your response on the 2 sample
sentences sent in the email?  The article quite clearly outlined the fact
that it was focusing on "custom" applications and not widely available (to
everyone, including attackers) software.  This scenario greatly reduces the
likelihood of a successful buffer overflow attack against a web application.

--
Ryan C. Barnett
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor: Securing Apache
GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache


On 3/14/06, ol <ol@uncon.org> wrote:
>
> > Jeremiah Grossman has written a column for SearchAppSecurity.com on the
> > realities of buffer overflows. Take a look:
>
> >Myth-busting Web application buffer overflows
>
> > http://searchappsecurity.techtarget.com/tip/1,289483,sid92_gci1172478,00.html
>
> Slim? Oh I dunno...
> http://www.securityfocus.com/infocus/1819
>
>
>
>
> ---------------------------------------------------------------------
> The Web Security Mailing List
> http://www.webappsec.org/lists/websecurity/
>
> The Web Security Mailing List Archives
> http://www.webappsec.org/lists/websecurity/archive/
>
>




Brought to you by http://www.webappsec.org