Earlier this week, choc_, a friend of mine, started posting several small C programs to HVAOnline, and asking folks at that popular security forum to find, exploit, and fix the vulnerabilities in those programs. I found those challenges are very interesting, and some of are quite difficult to solve if you don't understand how C stores, and interprets integer values. They remind me of the great code auditing book "The art of software security assessment" in which the authors dedicate a whole chapter on C language issues, esp. those occur when you use integers in the wrong way.
Spot the vulnerability challenges
Spot the vulnerability challenges
Spot the vulnerability challenges
Earlier this week, choc_, a friend of mine, started posting several small C programs to HVAOnline, and asking folks at that popular security forum to find, exploit, and fix the vulnerabilities in those programs. I found those challenges are very interesting, and some of are quite difficult to solve if you don't understand how C stores, and interprets integer values. They remind me of the great code auditing book "The art of software security assessment" in which the authors dedicate a whole chapter on C language issues, esp. those occur when you use integers in the wrong way.