Summary

This chapter starts with a few COM and ActiveX basics, such as creating test cases in HTML and exploring some important details about the Internet Explorer ActiveX security model. Building on this foundation, it explains the core ActiveX repurposing security issue and then presents a clear methodology for learning more about your control and doing member-level threat modeling and testing. Specific, prioritized classes of issues are presented, with examples. Next, the discussion expands on the basics to give a number of additional, specific real-world test cases of interest that attackers use, such as nested objects and error handling, among others. The chapter finishes with an in-depth (optionally hands-on) walkthrough of testing controls, demonstrating and further detailing the concepts covered in this chapter and throughout the book as they apply to controls.



Hunting Security Bugs
ISBN: 073562187X
EAN: 2147483647
Year: 2004
Pages: 156
