Secure Programming
Paranoia?
- You don't have to be crazy, but it helps!
Most programmers expect few users will encounter a bug
- Users avoid triggering the bug
- Regression testing only exercises expected behaviour
- Needs more random input testing
Attackers do the opposite!
- Use absurd input to trigger a crash
- Characterise the error condition
- Abuse the bug(s) to expose a vulnerability
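
The gap between regression testing and random input testing, as an added example that is not part of the original slides. The record format and all function names are assumptions made for illustration: both parsers pass the well-formed regression cases, but only random input shows which one fails uncleanly.

```python
import random

def parse_naive(data: bytes):
    """Hypothetical record format: type(1) | length(1) | payload | checksum(1)."""
    rtype, length = data[0], data[1]      # IndexError on short input
    payload = data[2:2 + length]
    checksum = data[2 + length]           # IndexError when the length field lies
    if checksum != sum(payload) % 256:
        raise ValueError("bad checksum")
    return rtype, payload

def parse_checked(data: bytes):
    """Same format, but every field is validated before it is used."""
    if len(data) < 3:
        raise ValueError("truncated header")
    rtype, length = data[0], data[1]
    if len(data) != 3 + length:
        raise ValueError("length field does not match record size")
    payload = data[2:2 + length]
    if data[2 + length] != sum(payload) % 256:
        raise ValueError("bad checksum")
    return rtype, payload

def make_record(rtype: int, payload: bytes) -> bytes:
    return bytes([rtype, len(payload)]) + payload + bytes([sum(payload) % 256])

def regression_test(parser) -> bool:
    """Constructed well-formed records only: the 'expected behaviour' suite."""
    cases = [(1, b"hello"), (2, b""), (7, bytes(range(10)))]
    return all(parser(make_record(t, p)) == (t, p) for t, p in cases)

def random_input_test(parser, rounds=2000, seed=1234):
    """Random bytes in; ValueError is a clean rejection, anything else is a bug."""
    rng = random.Random(seed)
    crashes = []
    for _ in range(rounds):
        data = bytes(rng.randrange(256) for _ in range(rng.randrange(0, 12)))
        try:
            parser(data)
        except ValueError:
            pass
        except Exception as exc:          # unplanned failure path
            crashes.append((data, type(exc).__name__))
    return crashes

if __name__ == "__main__":
    for parser in (parse_naive, parse_checked):
        print(parser.__name__, "regression ok:", regression_test(parser),
              "unexpected crashes:", len(random_input_test(parser)))
```

Each entry returned by `random_input_test` keeps the triggering input, so a failure found this way can be added to the regression suite once the parser is fixed.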