The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities by Justin Schuh, John McDonald, Mark Dowd

Chapter 6. C Language Issues

“One day you will understand.”

Neel Mehta, Senior Researcher, Internet Security Systems X-Force

Introduction

When you’re reviewing software to uncover potential security holes, it’s important to understand the underlying details of how the programming language implements data types and operations, and how those details can affect execution flow. A code reviewer examining an application binary at the assembly level can see explicitly how data is stored and manipulated as well as the exact implications of an operation on a piece of data. However, when you’re reviewing an application at the source code level, some details are abstracted and less obvious. This abstraction can lead to the introduction of subtle vulnerabilities ...
