The moose likes Security and the fly likes In need of resource for example code snippets of Vulnerable Code and corresponding Exploit Code Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "In need of resource for example code snippets of Vulnerable Code and corresponding Exploit Code" Watch "In need of resource for example code snippets of Vulnerable Code and corresponding Exploit Code" New topic
Author

In need of resource for example code snippets of Vulnerable Code and corresponding Exploit Code

Abbie Grimes
Greenhorn

Joined: Feb 02, 2014
Posts: 5
Hi Team,

I am in need of resource for example code snippets of Vulnerable Code and corresponding Exploit Code.

I have googled the internet and I find sites like Oracle Secure Code Guide and Securing Java Chpt 7, which only supply me with rules of thumb and best practices or Other website trying to sell me a learning course.

I'm looking for a resource with side by side weak code and exploit code, because I intend to run the weak code through a data structure parser I made and see if vulnerabilities still exist. I'm mostly interested in whitebox exploits that require internal knowledge of the code and data structures.

With the resources I've come across it explains how some exploits are performed but no example code or demonstrations. I don't want to spend a month writing multiple code example code snippets because there must be a resource that already exists.

Any help would be much appreciated even key phrases to search for.
Abbie Grimes
Greenhorn

Joined: Feb 02, 2014
Posts: 5
First post I've made but I've read answers on CodeRanch for a few years now, but recently I opened an account with StackExchange (Don't all boo at once) but if you're not asking a question in their format you get downvoted quicker than [insert funny reference here]. So I thought I'd try somewhere friendlier.
Campbell Ritchie
Sheriff

Joined: Oct 13, 2005
Posts: 39865
    
  28
Welcome to the Ranch

About three months ago, I had the good fortune to win a book here. That has code samples in, and was preceded by a similar book from the same authors. Maybe that will help (see link in the first post in the thread linked to).

Maybe that will help you.
Campbell Ritchie
Sheriff

Joined: Oct 13, 2005
Posts: 39865
    
  28
A few minuste ago, I wrote: . . . Maybe that will help . . .

Maybe that will help you.
I do have this dreadful tendency to repeat myself
Abbie Grimes
Greenhorn

Joined: Feb 02, 2014
Posts: 5
You are joking me, one of the authors is my old lecturer from my undergraduate, Fred Long.
Abbie Grimes
Greenhorn

Joined: Feb 02, 2014
Posts: 5
I got a copy of the book and it is an excellent resource.
I even contacted my old lecturer and had a catch up, he was very helpful.
He advised me that the resource I am requesting is not publicly available so I change of approach is going to be needed.
Thanks.
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18907
    
    8

Abbie Grimes wrote:He advised me that the resource I am requesting is not publicly available so I change of approach is going to be needed.


I guess that makes sense: publishing a document saying "Here's a list of vulnerabilities and how to exploit them" would be just asking for people to exploit those vulnerabilities!
Jeanne Boyarsky
author & internet detective
Marshal

Joined: May 26, 2003
Posts: 30948
    
158

OWASP has a sample application with vulnerabilities. They document what vulnerabilties to look for in the documentation.

And I agree the book described is excellent. I'm glad you got a copy.


[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
Abbie Grimes
Greenhorn

Joined: Feb 02, 2014
Posts: 5
I did look at OWASP and the website was good, but I wasn't able to grab many examples of what I was.
In the end I engineered some toy examples and they work well for my purpose.
 
wood burning stoves
 
subject: In need of resource for example code snippets of Vulnerable Code and corresponding Exploit Code