When Data Becomes Code - Understanding Injections and Overflows
Data becoming code via cleverly crafted payloads is one of the key security issues and is at the heart of many of the security attacks.

Published in: Software

  1. Rahul Verma, Director & CTO, Test Mile Software Testing Pvt Ltd, www.testmile.com. Copyright © 2015-16 Rahul Verma. All Rights Reserved. Understanding Injections & Overflows: WHEN DATA BECOMES CODE
  2. Who am I?
     • Founding Director and Chief Testing Officer – Test Mile Software Testing Pvt Ltd
     • Founder and Principal – Talent Reboot
     • Author – RahulVerma.XYZ
     • Researcher – SALT
     • Founding Director & Chief Research Officer – Stealth Mode Testing research startup
     • One of the creators of CMAP Certification, ISTQB Foundations, Reviewer for several testing certifications
     • Employers from my earlier life – McAfee, Applabs, Satyam, DCM
     • A Testing Enthusiast
     • Deep interest in mobile, performance, security, Python, agility and design of test automation frameworks. Offer 1-6 day training programs in these subjects.
     • Spoken at all Indian testing conferences, Google TAC-2010, CONQUEST Germany
  3. Before we get started
  4. Omne Ignotum Pro Magnifico (everything unknown is taken to be magnificent)
  5. Agenda/Methodology
     • The Eye to Behold
     • Interpreted vs Compiled Language World
     • A Revised look at Interpretation
     • Data vs Code
     • Breaking the Data Cage
     • Injection Demos
  6. What Do You See? int i = 1;
  7. The Eye To Behold http://cdnimages2014.cgdata.com/248990_cgeu-275k-xs--by-nitelyhallow-d6ms9fdaiu.jpg
  8. Do You See It Now? int i = 1;
  9. Interpreted Vs Compiled Languages (Discussion)
  10. A Revised Outlook: Is Compiled Code Interpreted?
  11. The Difference Between Data and Code: Code – Data = ?
  12. Command Injection
  13. Path Injection
  14. HTML Injection
  15. Cross Site Scripting (Firefox)
  16. SQL Injection
  17. Buffer Overflows
  18. A parting thought… "I hear and I forget. I see and I remember. I do and I understand." - Confucius
  19. THANK YOU. Rahul Verma, Director & CTO, Test Mile Software Testing Pvt Ltd, www.testmile.com, rv@testmile.com, +91-9902283387
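The deck's injection demos (slides 12 to 16) all turn on one boundary: the same bytes are harmless while an interpreter treats them as data and become code the moment they are spliced into the text that interpreter parses. The following is an added example, written for this page and not code from the deck or from Test Mile, that shows that boundary for four of the listed channels, SQL, shell command, HTML and path, each with the vulnerable splice beside the form that keeps the input in the data channel. The user table, the payloads, and all function names are constructed for the example; the shell part assumes a POSIX /bin/sh.

```python
"""Added example, not from the original deck: the same crafted bytes handed to
four interpreters, first in the code channel, then kept in the data channel."""
import html
import os
import sqlite3
import subprocess
import tempfile
from html.parser import HTMLParser

# --- SQL: quotes in the value become SQL when the value is concatenated ---
def make_db():
    # Constructed in-memory sample table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn

def sql_lookup_unsafe(conn, name):
    # Vulnerable: string formatting splices the value into the SQL text.
    return [r[0] for r in conn.execute(
        "SELECT name FROM users WHERE name = '%s'" % name)]

def sql_lookup_safe(conn, name):
    # Parameterised: the value is bound by the driver, never parsed as SQL.
    return [r[0] for r in conn.execute(
        "SELECT name FROM users WHERE name = ?", (name,))]

# --- Shell: ';' and '$(...)' mean something only if /bin/sh sees them ---
def shell_echo_unsafe(text):
    # Vulnerable: shell=True hands the whole string to /bin/sh to parse.
    return subprocess.run("echo " + text, shell=True,
                          capture_output=True, text=True).stdout

def shell_echo_safe(text):
    # argv list: 'echo' receives one literal argument; no shell is involved.
    return subprocess.run(["echo", text],
                          capture_output=True, text=True).stdout

# --- HTML: '<' opens markup unless it is entity-encoded ---
class TagCollector(HTMLParser):
    """Records the start tags a browser-like parser would see."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_seen(markup):
    parser = TagCollector()
    parser.feed(markup)
    return parser.tags

def html_render_unsafe(comment):
    # Vulnerable: the comment is concatenated straight into the document.
    return "<p>" + comment + "</p>"

def html_render_safe(comment):
    # Escaped: <, >, &, ' and " become entities, so the parser sees text.
    return "<p>" + html.escape(comment, quote=True) + "</p>"

# --- Paths: '..' and absolute paths are interpreted by the filesystem ---
def path_resolve_unsafe(base, user_path):
    # Vulnerable: '..' climbs out of base; an absolute user_path replaces it.
    return os.path.join(base, user_path)

def path_resolve_safe(base, user_path):
    # Canonicalise both sides, then require the target to remain under base.
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, user_path))
    if os.path.commonpath([base_real, target]) != base_real:
        raise ValueError("path escapes base directory: %r" % user_path)
    return target

def demo():
    """Feed a constructed payload to each channel; returns the outcomes."""
    conn, base = make_db(), tempfile.gettempdir()
    sql_p, shell_p = "' OR '1'='1", "hello; echo INJECTED"
    html_p, path_p = "<script>alert(1)</script>", "../../etc/passwd"
    out = {
        "sql_unsafe": sql_lookup_unsafe(conn, sql_p),
        "sql_safe": sql_lookup_safe(conn, sql_p),
        "shell_unsafe": shell_echo_unsafe(shell_p),
        "shell_safe": shell_echo_safe(shell_p),
        "html_unsafe": tags_seen(html_render_unsafe(html_p)),
        "html_safe": tags_seen(html_render_safe(html_p)),
        "path_unsafe": path_resolve_unsafe(base, path_p),
    }
    try:
        out["path_safe"] = path_resolve_safe(base, path_p)
    except ValueError as exc:
        out["path_safe"] = "rejected: %s" % exc
    return out

if __name__ == "__main__":
    for key, value in demo().items():
        print("%-13s %r" % (key, value))
```

Running `demo()` shows the pattern the slides are built around: the unsafe SQL lookup returns every user, the unsafe echo runs a second command, the unsafe HTML render yields a `script` element, and the unsafe path climbs out of the base directory, while in each safe variant the identical payload is still present but is never handed to a parser as code. The fix is never a blacklist of bad characters; it is choosing the API that keeps the value in the data channel (bound parameters, argv lists, entity encoding, canonicalise-then-check). The buffer overflow on slide 17 is the same boundary failure one level down, where bytes written past a buffer are interpreted as addresses or instructions, and it needs a memory-unsafe language to show, so it is not included here.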