понедельник, 11 января 2010 г.

NULL pointer dereference flaw -> vulnerability

NULL pointer dereference is a common implementation-time flaw. Sometimes this flaw becomes a vulnerability. Strangely, but this is because of a bad design.


To illustrate this, let us consider a network application. Suppose, it dereferences a NULL pointer under certain circumstances. In order for this flaw to become a vulnerability, a single user should have an opportunity to interrupt application services exploiting NULL pointer dereference. Obviously, this is a bad design decision.


This is the way implementation-time flaw becomes a design-time vulnerability.

Комментариев нет:

Отправить комментарий