A new whitepaper has been recently published which discusses about various exploit mitigation technologies and how to use them. Release by Microsoft Security Engineering Center.
A must for every person on software development team. Covers following:
- economics of exploitation – attacker’s return on investment
- Tactics behind exploit mitigation technologies like enforcing variants, creating artificial diversity, leveraging knowledge deficits
- exploit mitigation technologies like
- Stack buffer overrun detection
- Data execution prevention (DEP)
- Address Space Layout Randomization (ASLR)
- SAFESEH and Structured Exception Handler Overwrite Protection (SEHOP)
- Heap metadata protection
- Enhanced Mitigation Experience Toolkit (EMET)
- For each technology it also mentions following:
- Overview
- How to use
- Proof point
- Performance consideration
- Compatibility considerations
- Availability on various OS/platforms including browser versions
Download the whitepaper from here http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=26788
No comments:
Post a Comment