Difference between revisions of "OWASP O2 Platform/Microsoft/ActiveX"

From OWASP
Jump to: navigation, search
(Created page with 'This page contains information on how to test ActiveX controls == Security Issues with ActiveX == {list the common problems with ActiveX} == using O2 == One strategy to test Ac…')
 
(One intermediate revision by one user not shown)
Line 3: Line 3:
 
== Security Issues with ActiveX ==
 
== Security Issues with ActiveX ==
 
{list the common problems with ActiveX}
 
{list the common problems with ActiveX}
 +
 +
== Tools to test ActiveX for Buffer Overflows ==
 +
* http://digitaloffense.net/tools/axman/
  
 
== using O2 ==
 
== using O2 ==
Line 14: Line 17:
 
** [http://bytes.com/topic/asp-net/answers/308854-how-create-activex-control-using-c-use-asp-net-webform How to create Activex Control using C# and Use it in ASP.NET webform?]
 
** [http://bytes.com/topic/asp-net/answers/308854-how-create-activex-control-using-c-use-asp-net-webform How to create Activex Control using C# and Use it in ASP.NET webform?]
 
** [http://bytes.com/topic/asp-net/answers/760244-asp-net-activex-object-windows-api-access ASP.NET ActiveX Object Windows API Access]
 
** [http://bytes.com/topic/asp-net/answers/760244-asp-net-activex-object-windows-api-access ASP.NET ActiveX Object Windows API Access]
 +
 +
  
 
{{Template:Stub}}
 
{{Template:Stub}}
 +
 +
  
 
{{:OWASP_O2_Platform/WIKI/bottom}}
 
{{:OWASP_O2_Platform/WIKI/bottom}}

Revision as of 18:33, 7 December 2009

This page contains information on how to test ActiveX controls

Contents

Security Issues with ActiveX

{list the common problems with ActiveX}

Tools to test ActiveX for Buffer Overflows

using O2

One strategy to test ActiveX with O2 would be to create a .NET stub around it and then use it to invoke the ActiveX methods

The OWASP .NET tool (couple years old) DN_BOFinder (download from SF) is a .NET Fuzzer which is able to intelligently fuzz .NET assemblies and the COM objects it exposes (see also Buffer_OverFlow_in_ILASM_and_ILDASM

Research Links


This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.





go back to the main OWASP O2 Platform page