Difference between revisions of "Native Methods"

From OWASP
Line 1: Line 1:
The moment you start writing native methods you leave the Java security manager and memory protection faculties. Don't do it.
+
The moment you see native methods (which leave the Java security manager and memory protection), you know you found an area that might contain potential Buffer Overflows, or other C++ type vulnerabilities.
 +
 
 +
In the .Net Framework this is even more problematic due to the high usage of unmanaged COM objects (Note to Dinis: Put here details about his 'Buffer Overlfows on the .Net Framework' Research)
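Review bot: the added .Net paragraph puts an editorial placeholder, "(Note to Dinis: Put here details about his 'Buffer Overlfows on the .Net Framework' Research)", into the article body, and "Overlfows" is misspelled. Move the note to the talk page or replace it with the research summary. Also consider that the rewritten first paragraph drops the old line's "Don't do it." and now addresses only reviewers, so the guidance for developers writing native methods is lost.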

Revision as of 10:09, 18 January 2007

The moment you see native methods (which leave the Java security manager and memory protection), you know you have found an area that might contain buffer overflows or other C++-type vulnerabilities.

In the .NET Framework this is even more problematic due to the high usage of unmanaged COM objects (Note to Dinis: Put here details about his 'Buffer Overflows on the .Net Framework' Research)
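For the Java case above, a reviewer can list the native entry points of a source file before reading the C/C++ side. The following is an added example, not OWASP's code: the function names, the "bulk data" heuristic and the sample class are assumptions made for illustration.

```python
import re

# Java string literals and comments, so they can be blanked (newlines kept).
_TOKEN = re.compile(r'"(?:\\.|[^"\\\n])*"|/\*.*?\*/|//[^\n]*', re.S)
_NATIVE = re.compile(r'\bnative\b[^;{}]*?\b(\w+)\s*\(([^)]*)\)[^;{}]*;')
_LOAD = re.compile(r'\bSystem\s*\.\s*(?:loadLibrary|load)\s*\(\s*"([^"]*)"')
# Heuristic (assumption of this example): parameter types whose data length
# the native side has to validate for itself.
_BULK = re.compile(r'\[\s*\]|\bString\b|\bByteBuffer\b')


def _blank(src, keep_strings):
    def repl(m):
        tok = m.group(0)
        if keep_strings and tok.startswith('"'):
            return tok
        return re.sub(r"[^\n]", " ", tok)
    return _TOKEN.sub(repl, src)


def find_native_surface(java_source):
    """Return (native method declarations, native libraries loaded)."""
    decl_text = _blank(java_source, keep_strings=False)
    methods = [
        {"line": decl_text.count("\n", 0, m.start()) + 1,
         "name": m.group(1),
         "bulk_data_params": bool(_BULK.search(m.group(2)))}
        for m in _NATIVE.finditer(decl_text)
    ]
    libs = _LOAD.findall(_blank(java_source, keep_strings=True))
    return methods, libs


# Constructed sample input, not taken from any real project.
SAMPLE = '''\
public class ImageCodec {
    static { System.loadLibrary("imgcodec"); }
    // native decode is documented elsewhere
    private native int decode(byte[] input, int declaredLength);
    public static native long version();
    String note = "calls native code(); see docs";
    public int safeDecode(byte[] in) { return decode(in, in.length); }
}
'''

if __name__ == "__main__":
    methods, libs = find_native_surface(SAMPLE)
    print("libraries:", libs)
    print("native methods:", methods)
```

Methods flagged with `bulk_data_params` are the ones to read first on the native side, since array, string and buffer lengths are no longer checked by the JVM once they cross into C/C++.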