Secure Coding mailing list archives
Re: Need a help for an article
From: vanderaj vanderaj <vanderaj () owasp org>
Date: Tue, 4 Jun 2013 11:34:16 +1000
Hi Punit, Good on you for selecting information security as a topic of interest. We need more grads in our field! The state of the art for buffer overflows, heap overflows, and other memory corruption bugs is so advanced that it may take you a little while to get on top of it before being able to write about it simply enough for the average Joe to understand it. They seem simple enough, but there's so much nuance and almost an obsessive amount of detail to get right to get a reliable exploit. Almost anyone can cause a program to crash, but it's the freaks who can turn an "unexploitable" null dereference bug into a workable exploit. To me, the freaks are more interesting than the exploits. I am not trying to dissuade you from writing about IT security, as many programmers think that buffer overflows are solved due to ASLR and DEP, or as soon as they use the /GS switch. This is not the case - it just makes it much harder. So it's not an "old" topic, it's now an extremely arcane topic. How much time do you want to invest in writing your article? I would suggest going down a different route - find the usual suspects on SlideShare, Twitter or Google+ who REALLY knows their stuff and ask them for an interview them to get the human angle on modern day memory exploitation trickery. This way, you don't need to necessarily master the issue, and you can report on the state of the art with a human angle. I would suggest searching for anyone who does reverse engineering for fun or a living who has > 200-500 followers as being a good starting point. The big names in our industry are generally interesting folks in their own right. In the old days, we'd call them eccentric, and to me, this is the angle that I would take time to read if done right. thanks, Andrew On Tue, Jun 4, 2013 at 1:22 AM, Punit Mehta <punit9462 () gmail com> wrote:
Hi all , I am a second year computer science undergraduate student at a university. I want to publish an article based on computer security. I had thought of some like Buffer Overflow , Heap Overflow , Format String attack etc. But they sound too old. My aim is to publish some fresh and interesting stuff based on computer security. I have searched a lot But may be because of my limited knowledge , I am not able to find out appropriate topics to work on . So , it would be grateful if someone could suggest me some nice , recent topics ( which can include secure coding in different languages or even beyond that ). I just want to get the topic and pointer to some resources from which I can learn it. Any kind of help is hearty welcomed..! :) Thanks in advance ! Regards, Punit Mehta _______________________________________________ Secure Coding mailing list (SC-L) SC-L () securecoding org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
_______________________________________________ Secure Coding mailing list (SC-L) SC-L () securecoding org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
Current thread:
- Need a help for an article Punit Mehta (Jun 03)
- Re: Need a help for an article vanderaj vanderaj (Jun 04)