Wednesday, July 13, 2011

Whitepaper on exploit mitigation technologies


A new whitepaper has been recently published which discusses about various exploit mitigation technologies and how to use them. Release by Microsoft Security Engineering Center.

A must for every person on software development team. Covers following:

  • economics of exploitation – attacker’s return on investment
  • Tactics behind exploit mitigation technologies like enforcing variants, creating artificial diversity, leveraging knowledge deficits
  • exploit mitigation technologies like
    • Stack buffer overrun detection
    • Data execution prevention (DEP)
    • Address Space Layout Randomization (ASLR)
    • SAFESEH and Structured Exception Handler Overwrite Protection (SEHOP)
    • Heap metadata protection
    • Enhanced Mitigation Experience Toolkit (EMET)
  • For each technology it also mentions following:
    • Overview
    • How to use
    • Proof point
    • Performance consideration
    • Compatibility considerations
    • Availability on various OS/platforms including browser versions

Download the whitepaper from here

No comments:

Post a Comment