[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table



On Thu, Dec 29, 2011 at 11:24 AM, adam <adam@xxxxxxxxx> wrote:
> In any case, the concept is pretty interesting.

data structures exposed to potentially malicious user input. what
could go wrong?

Big-O: a perfect case is not typical.
 real-world is sometimes not average.
   attacker inputs, they're always aiming for the worst!



> It's not a vector that most
> people would think of when securing their applications/servers. At least,
> most people I've come in contact with, anyway.

welcome to the state of 21st century infosec. :)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/