A Bug Hunter's Diary by Tobias Klein

2.4 Lessons Learned

As a programmer:

  • Never trust user input (this includes file data, network data, etc.).

  • Never use unvalidated length or size values.

  • Always make use of the exploit mitigation techniques offered by modern operating systems wherever possible. Under Windows, software has to be compiled with Microsoft’s Visual C++ 2005 SP1 or later, and the appropriate compiler and linker options have to be used. In addition, Microsoft has released the Enhanced Mitigation Experience Toolkit,[20] which allows specific mitigation techniques to be applied without recompilation.
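The first two lessons, shown as an added C example (not code from the book): a length field read from file data is checked against both the remaining input and the fixed destination buffer before it is used. The record layout, function names and sample inputs are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record layout (constructed for this example):
 * bytes 0..3 = payload length, big-endian, read straight from the file;
 * bytes 4..  = payload. */
enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_LARGE = -2 };

int parse_record(const uint8_t *in, size_t in_len,
                 uint8_t *out, size_t out_cap, size_t *out_len)
{
    if (in_len < 4)
        return PARSE_TRUNCATED;            /* header itself is incomplete */
    uint32_t declared = ((uint32_t)in[0] << 24) | ((uint32_t)in[1] << 16) |
                        ((uint32_t)in[2] << 8)  |  (uint32_t)in[3];
    /* Compare against what is left, by subtraction: "4 + declared" could wrap. */
    if (declared > in_len - 4)
        return PARSE_TRUNCATED;            /* field claims more than the file holds */
    if (declared > out_cap)
        return PARSE_TOO_LARGE;            /* would overflow the fixed destination */
    memcpy(out, in + 4, declared);
    *out_len = declared;
    return PARSE_OK;
}

/* Constructed sample inputs. */
const uint8_t SAMPLE_OK[]    = {0, 0, 0, 3, 'a', 'b', 'c'};
const uint8_t SAMPLE_LIES[]  = {0, 0, 0, 200, 'a', 'b', 'c'};  /* claims 200, carries 3 */
const uint8_t SAMPLE_HUGE[]  = {0xff, 0xff, 0xff, 0xff, 'a'};  /* claims ~4 GiB */
const uint8_t SAMPLE_BIG[20] = {0, 0, 0, 16};                  /* 16 real bytes, buffer holds 8 */

/* Parse into an 8-byte stack buffer, the way a fixed-size local would be used. */
int parse_into_small_buffer(const uint8_t *in, size_t in_len)
{
    uint8_t buf[8];
    size_t n = 0;
    return parse_record(in, in_len, buf, sizeof buf, &n);
}

int main(void)
{
    printf("ok=%d lies=%d huge=%d big=%d\n",
           parse_into_small_buffer(SAMPLE_OK, sizeof SAMPLE_OK),
           parse_into_small_buffer(SAMPLE_LIES, sizeof SAMPLE_LIES),
           parse_into_small_buffer(SAMPLE_HUGE, sizeof SAMPLE_HUGE),
           parse_into_small_buffer(SAMPLE_BIG, sizeof SAMPLE_BIG));
    return 0;
}
```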

As a user of media players:

  • Don’t ever trust media file extensions (see Section 2.5 below).