
This has been required reading for all the pentesters at my org for the past 20 years.



Should probably be required reading for every programmer and especially for those that work with memory-unsafe languages. With a side of modern mitigation techniques.[0]

[0] https://en.m.wikipedia.org/wiki/Buffer_overflow (See buffer overflow protection)


A simple compare and contrast between C and zig/rust/D might be interesting - or even golang for that matter (the idea being that code could be reasonably similar, and yet somewhat idiomatic - and illustrate how the C code is exploitable, but the safe language version isn't - except when made to be).


Why? Exploitation of novel memory corruption vulnerabilities is pretty rare on penetration tests.



