Java Every-Days - Exploiting Software Running on 3 Billion Devices

Offered By: Black Hat via YouTube

Tags

Black Hat Courses, JavaFX Courses, Software Vulnerabilities Courses, Threat Landscape Courses, Remote Code Execution Courses, Vulnerability Research Courses, Memory Corruption Courses, Java Security Courses

Course Description

Overview

Explore the evolving landscape of Java vulnerabilities and exploitation techniques in this Black Hat USA 2013 conference talk. Delve into the security challenges faced by Oracle Java over a three-year period, examining vulnerability trends, attack surfaces, and the shift from classic memory corruption issues to abuses of the reflection API. Gain insights into the top five vulnerability types submitted to the Zero Day Initiative (ZDI) program, and learn about specific weaknesses in Java sub-components. Analyze how attackers and exploit kit authors leverage these vulnerabilities, and discover the techniques used in the Pwn2Own competition. Understand Oracle's response to recent security issues and the steps taken to address them. Equip yourself with valuable knowledge for vulnerability research and auditing of Java components in this comprehensive exploration of Java security.

Syllabus

Intro
Solution
Introduction
Vulnerability Sample Set
Oracle Java's Footprint and Software Architecture
Vulnerability Trending and Attack Surface
Vulnerability Statistics 2011-2013
Oracle Java Patch Statistics
Zero Day Initiative Submission Trends
Insight into Vulnerability Classes (CWE)
CWE-265 Breakdown and Historical Timeline
Styles of Memory Corruption
Top 7 Vulnerability Classes in the Java
Extrapolating Sub-component Weaknesses
Java Sub-component Weaknesses
Library Sub-component Weaknesses
2D Sub-component Weaknesses
JavaFX Sub-component Weaknesses
Leveraging Sub-component Weaknesses
Threat Landscape
Vulnerability Prevalence in Toolkits
Exploitation Techniques
Case Study
Vendor Response Review
Handling Vulnerability Disclosure
Package Restriction List Modifications
Oracle Weathered Quite The Storm
Good Luck Bug Hunting!


Taught by

Black Hat

Related Courses

Starting GUI Programming with JavaFX
Coursera Project Network via Coursera
Learn Java and JavaFX by creating a Graphical Calculator
Coursera Project Network via Coursera
Learn Java and JavaFX by Building a Calculator
Coursera Project Network via Coursera
Introduction to Object-Oriented Programming with Java III: Exceptions, Data Structures, Recursion, and GUIs
Georgia Institute of Technology via edX
Ultimate Java Bootcamp | Build Java GUI and JavaFX Projects
Udemy