[WEB SECURITY] Re: Jeremiah Grossman writes about buffer overflow myths

Ryan Barnett rcbarnett at gmail.com
Tue Mar 14 20:40:24 EST 2006

Did you read the article or did you just base your response on the 2 sample
sentences sent in the email?  The article quite clearly outlined the fact
that it was focusing on "custom" applications and not widely available (to
everyone, including attackers) software.  This scenario greatly reduces the
likelyhood of a successful buffer overflow attack against a web application.

Ryan C. Barnett
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor: Securing Apache
Author: Preventing Web Attacks with Apache

On 3/14/06, ol <ol at uncon.org> wrote:
> > Jeremiah Grossman has written a column for SearchAppSecurity.com on the
> > realities of buffer overflows. Take a look:
> >Myth-busting Web application buffer overflows
> > http://searchappsecurity.techtarget.com/tip/1,289483,sid92_gci1172478,00
> .html
> Slim? Oh I dunno...
> http://www.securityfocus.com/infocus/1819
> ---------------------------------------------------------------------
> The Web Security Mailing List
> http://www.webappsec.org/lists/websecurity/
> The Web Security Mailing List Archives
> http://www.webappsec.org/lists/websecurity/archive/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20060314/29cdc8d6/attachment.html>

More information about the websecurity mailing list