This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Контент предоставлен Black Hat/ CMP Media, Inc. and Jeff Moss. Весь контент подкастов, включая эпизоды, графику и описания подкастов, загружается и предоставляется непосредственно компанией Black Hat/ CMP Media, Inc. and Jeff Moss или ее партнером по платформе подкастов. Если вы считаете, что кто-то использует вашу работу, защищенную авторским правом, без вашего разрешения, вы можете выполнить процедуру, описанную здесь https://ru.player.fm/legal.
Похожие на Black Hat Briefings, USA 2007 [Audio] Presentations from the security conference.
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Daily update on current cyber security threats
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
Get ready for a weekly dose of all things Enterprise Software and Cloud Computing! Join us as we dive into topics including Kubernetes, DevOps, Serverless, Security and Coding. Plus, we’ll keep you entertained with plenty of off-topic banter and nonsense. Don’t worry if you miss the latest industry conference - we’ve got you covered with recaps of all the latest news from AWS, Microsoft Azure, Google Cloud Platform (GCP) and the Cloud Native Computing Foundation (CNCF).
…
continue reading
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
A weekly podcast show about Indian startups, entrepreneurs, and more! Hosted by Neil Patel & Friends
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Player FM - приложение для подкастов
Работайте офлайн с приложением Player FM !
Работайте офлайн с приложением Player FM !
))
Jeff Morin: Type Conversion Errors: How a Little Data Type Can Do a Whole Lot of Damage
Manage episode 153226778 series 1085097
Контент предоставлен Black Hat/ CMP Media, Inc. and Jeff Moss. Весь контент подкастов, включая эпизоды, графику и описания подкастов, загружается и предоставляется непосредственно компанией Black Hat/ CMP Media, Inc. and Jeff Moss или ее партнером по платформе подкастов. Если вы считаете, что кто-то использует вашу работу, защищенную авторским правом, без вашего разрешения, вы можете выполнить процедуру, описанную здесь https://ru.player.fm/legal.
In the realm of application testing, one of the major, but most often overlooked vulnerabilities, is that of type conversion errors. These errors result from input variable values being used throughout the many areas and codebases that make up the application, and in doing so, are potentially treated as different data types throughout the processing. The application functions correctly and without issue because the values of the input variable are anticipated, even though they are treated in different areas as different data types. The issue arises then when a value is input into one of these variables that is crafted in such a way as to be successfully manipulated by some data types, while failing others, resulting in the application behaving in unanticipated and potentially dangerous ways. These vulnerabilities are much more difficult to identify than simple error-based SQL injection or XSS as they don't readily display success or failure, rather can manifest themselves in other areas or at a later time. This also makes them very dangerous in that the application behaves in completely unanticipated ways, potentially resulting in circumvented authentication and authorization, Denial of Service, elevated privileges, etc.
This talk explores the security pitfalls that result from type conversion errors, how to identify them, and proposes some solutions for identification going forward.
…
continue reading
This talk explores the security pitfalls that result from type conversion errors, how to identify them, and proposes some solutions for identification going forward.
89 эпизодов
Jeff Morin: Type Conversion Errors: How a Little Data Type Can Do a Whole Lot of Damage
Black Hat Briefings, USA 2007 [Audio] Presentations from the security conference.
Поделиться
Manage episode 153226778 series 1085097
Контент предоставлен Black Hat/ CMP Media, Inc. and Jeff Moss. Весь контент подкастов, включая эпизоды, графику и описания подкастов, загружается и предоставляется непосредственно компанией Black Hat/ CMP Media, Inc. and Jeff Moss или ее партнером по платформе подкастов. Если вы считаете, что кто-то использует вашу работу, защищенную авторским правом, без вашего разрешения, вы можете выполнить процедуру, описанную здесь https://ru.player.fm/legal.
In the realm of application testing, one of the major, but most often overlooked vulnerabilities, is that of type conversion errors. These errors result from input variable values being used throughout the many areas and codebases that make up the application, and in doing so, are potentially treated as different data types throughout the processing. The application functions correctly and without issue because the values of the input variable are anticipated, even though they are treated in different areas as different data types. The issue arises then when a value is input into one of these variables that is crafted in such a way as to be successfully manipulated by some data types, while failing others, resulting in the application behaving in unanticipated and potentially dangerous ways. These vulnerabilities are much more difficult to identify than simple error-based SQL injection or XSS as they don't readily display success or failure, rather can manifest themselves in other areas or at a later time. This also makes them very dangerous in that the application behaves in completely unanticipated ways, potentially resulting in circumvented authentication and authorization, Denial of Service, elevated privileges, etc.
This talk explores the security pitfalls that result from type conversion errors, how to identify them, and proposes some solutions for identification going forward.
…
continue reading
This talk explores the security pitfalls that result from type conversion errors, how to identify them, and proposes some solutions for identification going forward.
89 эпизодов
Все серии
×
Добро пожаловать в Player FM!
Player FM сканирует Интернет в поисках высококачественных подкастов, чтобы вы могли наслаждаться ими прямо сейчас. Это лучшее приложение для подкастов, которое работает на Android, iPhone и веб-странице. Зарегистрируйтесь, чтобы синхронизировать подписки на разных устройствах.
Похожие на Black Hat Briefings, USA 2007 [Audio] Presentations from the security conference.
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Daily update on current cyber security threats
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
Get ready for a weekly dose of all things Enterprise Software and Cloud Computing! Join us as we dive into topics including Kubernetes, DevOps, Serverless, Security and Coding. Plus, we’ll keep you entertained with plenty of off-topic banter and nonsense. Don’t worry if you miss the latest industry conference - we’ve got you covered with recaps of all the latest news from AWS, Microsoft Azure, Google Cloud Platform (GCP) and the Cloud Native Computing Foundation (CNCF).
…
continue reading
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
A weekly podcast show about Indian startups, entrepreneurs, and more! Hosted by Neil Patel & Friends
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
Player FM - приложение для подкастов
Работайте офлайн с приложением Player FM !
Работайте офлайн с приложением Player FM !
