Study of vulnerabilities

Fall 2009

Student
Abeer Agrawal
Advisor
David Brumley
Project description

Objectives: To study various types of web-based and local exploits, including buffer, string and integer overflows, to learn how to come up with exploits for them and to prevent these. Also to study automatic patch based exploitation techniques and how effective they are against such bugs.

Methods: Reference various papers, such as the famous Smashing the Stack for Fun and Profit, study web based and other vulnerabilities using online resources such as the website securityfocus.org. Identify and write exploits for open source software such as Linux.

Anticipated Results: To be able to identify vulnerabilities and write suitable exploits for these given buggy code. To be able to identify and prevent web-based vulnerabilities.

Return to project list