The Natural History of Appsec
We’re watching a zero-day in the wild as it approaches a buffer that’s been separated from its pointer authentication code.
Neither the buffer nor the nearby stack canaries, which enjoy a symbiotic relationship with these regions of memory, have noticed the approach.
Unaware of this danger, the buffer consumes data.
What if we approached appsec with the same wonder as that towards the natural world?
This was, of course, a nod to David Attenborough and his documentaries on nature, dinosaurs, and Earth. He has the most amazing ability to evoke the wonder and drama of nature through narration that educates as much as it entertains. He has produced, written, and narrated several documentaries. One of the most popular is BBC Earth.
In the news segment, Joe South joined us to talk about path traversal (my favorite vuln) and an article about OAuth flaws that referenced the movie Dirty Dancing – another sure way to get my attention.