Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Вміст надано Black Hat/ CMP Media, Inc. and Jeff Moss. Весь вміст подкастів, включаючи епізоди, графіку та описи подкастів, завантажується та надається безпосередньо компанією Black Hat/ CMP Media, Inc. and Jeff Moss або його партнером по платформі подкастів. Якщо ви вважаєте, що хтось використовує ваш захищений авторським правом твір без вашого дозволу, ви можете виконати процедуру, описану тут https://uk.player.fm/legal.
Схожі до Black Hat Briefings, USA 2007 [Audio] Presentations from the security conference.
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
Daily update on current cyber security threats
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
From smart phones to smart homes, the Android Police Podcast gives you exactly what you need from a tech podcast - no more, no less. Every week, each of our hosts curate topics to talk about. It could be tracking through your newsfeed or a passion project or two. We're centered on Android, but go far and wide, so if you're looking for good talk that won't waste your time, listen and subscribe.
…
continue reading
Player FM - додаток Podcast
Переходьте в офлайн за допомогою програми Player FM !
Переходьте в офлайн за допомогою програми Player FM !
))
Jeff Morin: Type Conversion Errors: How a Little Data Type Can Do a Whole Lot of Damage
Manage episode 153226778 series 1085097
Вміст надано Black Hat/ CMP Media, Inc. and Jeff Moss. Весь вміст подкастів, включаючи епізоди, графіку та описи подкастів, завантажується та надається безпосередньо компанією Black Hat/ CMP Media, Inc. and Jeff Moss або його партнером по платформі подкастів. Якщо ви вважаєте, що хтось використовує ваш захищений авторським правом твір без вашого дозволу, ви можете виконати процедуру, описану тут https://uk.player.fm/legal.
In the realm of application testing, one of the major, but most often overlooked vulnerabilities, is that of type conversion errors. These errors result from input variable values being used throughout the many areas and codebases that make up the application, and in doing so, are potentially treated as different data types throughout the processing. The application functions correctly and without issue because the values of the input variable are anticipated, even though they are treated in different areas as different data types. The issue arises then when a value is input into one of these variables that is crafted in such a way as to be successfully manipulated by some data types, while failing others, resulting in the application behaving in unanticipated and potentially dangerous ways. These vulnerabilities are much more difficult to identify than simple error-based SQL injection or XSS as they don't readily display success or failure, rather can manifest themselves in other areas or at a later time. This also makes them very dangerous in that the application behaves in completely unanticipated ways, potentially resulting in circumvented authentication and authorization, Denial of Service, elevated privileges, etc.
This talk explores the security pitfalls that result from type conversion errors, how to identify them, and proposes some solutions for identification going forward.
…
continue reading
This talk explores the security pitfalls that result from type conversion errors, how to identify them, and proposes some solutions for identification going forward.
89 епізодів
Jeff Morin: Type Conversion Errors: How a Little Data Type Can Do a Whole Lot of Damage
Black Hat Briefings, USA 2007 [Audio] Presentations from the security conference.
Поширити
Manage episode 153226778 series 1085097
Вміст надано Black Hat/ CMP Media, Inc. and Jeff Moss. Весь вміст подкастів, включаючи епізоди, графіку та описи подкастів, завантажується та надається безпосередньо компанією Black Hat/ CMP Media, Inc. and Jeff Moss або його партнером по платформі подкастів. Якщо ви вважаєте, що хтось використовує ваш захищений авторським правом твір без вашого дозволу, ви можете виконати процедуру, описану тут https://uk.player.fm/legal.
In the realm of application testing, one of the major, but most often overlooked vulnerabilities, is that of type conversion errors. These errors result from input variable values being used throughout the many areas and codebases that make up the application, and in doing so, are potentially treated as different data types throughout the processing. The application functions correctly and without issue because the values of the input variable are anticipated, even though they are treated in different areas as different data types. The issue arises then when a value is input into one of these variables that is crafted in such a way as to be successfully manipulated by some data types, while failing others, resulting in the application behaving in unanticipated and potentially dangerous ways. These vulnerabilities are much more difficult to identify than simple error-based SQL injection or XSS as they don't readily display success or failure, rather can manifest themselves in other areas or at a later time. This also makes them very dangerous in that the application behaves in completely unanticipated ways, potentially resulting in circumvented authentication and authorization, Denial of Service, elevated privileges, etc.
This talk explores the security pitfalls that result from type conversion errors, how to identify them, and proposes some solutions for identification going forward.
…
continue reading
This talk explores the security pitfalls that result from type conversion errors, how to identify them, and proposes some solutions for identification going forward.
89 епізодів
Alla avsnitt
×
Ласкаво просимо до Player FM!
Player FM сканує Інтернет для отримання високоякісних подкастів, щоб ви могли насолоджуватися ними зараз. Це найкращий додаток для подкастів, який працює на Android, iPhone і веб-сторінці. Реєстрація для синхронізації підписок між пристроями.
Схожі до Black Hat Briefings, USA 2007 [Audio] Presentations from the security conference.
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
Daily update on current cyber security threats
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
From smart phones to smart homes, the Android Police Podcast gives you exactly what you need from a tech podcast - no more, no less. Every week, each of our hosts curate topics to talk about. It could be tracking through your newsfeed or a passion project or two. We're centered on Android, but go far and wide, so if you're looking for good talk that won't waste your time, listen and subscribe.
…
continue reading
Player FM - додаток Podcast
Переходьте в офлайн за допомогою програми Player FM !
Переходьте в офлайн за допомогою програми Player FM !
