Shotgun Parsers in the Cross-Hairs
Offered By: BruCON Security Conference via YouTube
Course Description
Overview
Explore a critical security talk from BruCON Security Conference that delves into the dangers of "shotgun parsers" in code that handles input data. Learn why these parsers, which mix data processing and recognition throughout a codebase, are considered the primary cause of widespread insecurity in internet-facing programs. Examine examples of shotgun parsers across TCP/IP stack layers and their associated exploits. Discover a principled approach to building recognizers that can help eliminate these vulnerabilities. Gain practical insights on applying the "full recognition before processing" axiom using tools like the Hammer parsing library and the Ragel state machine compiler. Understand how proper input handling and recognition can protect against memory corruption and other security threats in software development.
Syllabus
Shotgun parsers in the cross-hairs
Taught by
BruCON Security Conference