- Intro
- Mindset
- Break all the things
- Understanding is key
- Security people are the most diverse in tech for that reason
- Web security
- Tools
- Burp
- XSS
- CSRF
- SQL injection
- Command injection
- Other injections
- XPath
- Arbitrary file reads/writes
- Force browsing / direct object reference
- Header injection/splitting
- Clickjacking
- Improper authentication
- Improper authorization
- Native security
- Buffer overflows
- Stack
- Heap
- Integer overflows
- Format strings
- Use-after-free
- Double free
- Null pointer deref
- Memory reads and writes
- Information leaks
- Native protections
- Stack protection
- Canaries
- Heap protection
- Detection of corruption
- DEP -- W^X
- ASLR
- Native exploitation
- Shellcoding
- Stack buffer overflows
- Heap buffer overflows
- SEH attacks
- ROP
- Defeating ASLR
- Using information leaks
- Crypto
- Asymmetric crypto
- Symmetric crypto
- Modes
- Detection thereof
- Flipping bits
- Padding oracles
- Hashing
- Message authentication
- Replay-style attacks
Created August 16, 2012 03:05
Outline