Educational Event Synopsis
Buffer overflow vulnerabilities can lead to an attacker taking over your systems. How can an IS auditor assess whether there are adequate safeguards mitigating such vulnerabilities?
This session will explain buffer overflow vulnerabilities using a series of analogies, clarifying what goes on during program execution and how such bugs can be useful to an attacker. A practical session will follow, during which an exploit for a vulnerable service will be written while going through the stages referred to in the analogies, keeping an eye on stack memory and CPU registers. Protection mechanisms and testing procedures that IS auditors should consider will also be discussed.
Despite the technical nature of the topic, this talk will be presented in a manner appealing to any audience interested in information security.