Other Resources

  • Writing Secure Code, Second Edition by Michael Howard and David C. LeBlanc (Microsoft Press, 2002), Chapter 5, Public Enemy #1: Buffer Overruns

  • Defeating the Stack Based Buffer Overflow Prevention Mechanism of Microsoft Windows Server 2003 by David Litchfield: www.ngssoftware.com/papers/defeating-w2k3-stack-protection.pdf

  • Non-stack Based Exploitation of Buffer Overrun Vulnerabilities on Windows NT/2000/XP by David Litchfield: www.ngssoftware.com/papers/non-stack-bo-windows.pdf

  • Blind Exploitation of Stack Overflow Vulnerabilities by Peter Winter-Smith: www.ngssoftware.com/papers/NISR.BlindExploitation.pdf

  • Creating Arbitrary Shellcode In Unicode Expanded Strings: The "Venetian" Exploit by Chris Anley: www.ngssoftware.com/papers/unicodebo.pdf

  • Smashing The Stack For Fun And Profit by Aleph1 (Elias Levy): www.insecure.org/stf/smashstack.txt

  • The Tao of Windows Buffer Overflow by Dildog: www.cultdeadcow.com/cDc_files/cDc-351/

  • Microsoft Security Bulletin MS04-011/Security Update for Microsoft Windows (835732): www.microsoft.com/technet/security/Bulletin/MS04-011.mspx

  • Microsoft Application Compatibility Analyzer: www.microsoft.com/windows/appcompatibility/analyzer.mspx

  • Using the Strsafe.h Functions: http://msdn.microsoft.com/library/en-us/winui/winui/windowsuserinterface/resources/strings/usingstrsafefunctions.asp

  • More Secure Buffer Function Calls: AUTOMATICALLY!: http://blogs.msdn.com/michael_howard/archive/2005/2/3.aspx

  • Repel Attacks on Your Code with the Visual Studio 2005 Safe C and C++ Libraries: http://msdn.microsoft.com/msdnmag/issues/05/05/SafeCandC/default.aspx

  • strlcpy and strlcat - Consistent, Safe, String Copy and Concatenation by Todd C. Miller and Theo de Raadt: www.usenix.org/events/usenix99/millert.html

  • GCC extension for protecting applications from stack-smashing attacks: www.trl.ibm.com/projects/security/ssp/

  • PaX: http://pax.grsecurity.net/

  • OpenBSD Security: www.openbsd.org/security.html

  • Static Source Code Analysis Tools for C: http://spinroot.com/static/



19 Deadly Sins of Software Security. Programming Flaws and How to Fix Them
Writing Secure Code
ISBN: 71626751
EAN: 2147483647
Year: 2003
Pages: 239
