Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
For any nonsense or banter that doesn't fit anywhere else. LoL! omg! ROFL! 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Dynamic taint propagation
Posted by: ntp
Date: June 18, 2008 08:37PM

Dunno if anyone saw any of the prezos from OWASP AppSec EU 2008 - Belgium

AppSecEU08_Dynamic_Taint_Propagation_OWASP.ppt
OWASP-AppSecEU08-Petukhov.pdf
OWASP-AppSecEU08-Madou.pdf

or heard/saw/downloaded Alexander Sotirov's talk at REcon 2008 on black-box parser reversing for XSS (unrelated, but also amazing)
?

In any case, I find white-box dynamic analysis very interesting, especially when combined with the popular code review technique of taint propagation (for both vulnerability finding as well as defense). For example, the ppt above references CORE GRASP while the Madou pdf talks about outbound write instrumentation.

This really starts to move the fault-injection craze of black-box web application testing into the "smart fuzz testing" category of improved enlightenment, where additional tactics such as satisfiabilty (SAT) solvers can also be utilized.

This is very cool stuff. Ideally, it would also be combined with code comprehension, but it doesn't look like any of the researchers took it this far yet. I did see some material on symbolic execution, but no mention of CUTE/jCUTE.

Of course, there isn't any useful running code for any of this yet (besides CORE GRASP and the OWASP SPoC Python Tainted Mode), so it could make for a very interesting project for someone to pick up.
http://www.owasp.org/index.php/SpoC_007_-_Python_Tainted_Mode_-_Progress_Page

Options: ReplyQuote


Sorry, only registered users may post in this forum.