Automatic exploit generation is a concept that has been studied during the last years, focusing mainly on buffer overflows located in the stack. The main objective of these works is generally to develop algorithms that produce control-flow hijacking exploits based…

A few years ago, one of the most common attacks was to take advantage of a memory corruption error such as a buffer overflow to inject code (usually shellcode) and divert the flow of control to that code. However, with…

Currently a large number of mobile applications are simple front ends of their corresponding web APIs. Although this is not a danger in itself, it brings with it a very important implication regarding the validation process of data entry: The…

The evaluation of the prototype that is developed in a scientific work is a very important part of the investigation since it determines if the proposed system fulfills its objectives and how well it does it, which is essential to…

Cross-site scripting (XSS) vulnerabilities are a fairly recurrent problem on the web even though it was publicly documented in 2000. These attacks allow a malicious actor to completely alien certain web page to inject and execute code not authorized by…

Researchers at Purdue, Politecnico di Milano and California – Irvine universities presented this summer in Usenix Security a work focused on trying to prevent and eradicate vulnerabilities caused by the abuse of variadic functions. A variadic function is one that…