Explore the security implications of incorporating open-source components into closed-source applications in this 41-minute conference talk from Recon 2017 Brussels. Delve into the examination of Adobe Reader's XSLT engine, based on the open-source Sablotron project, to understand potential vulnerabilities. Learn techniques for auditing source code and matching source-to-binary to identify vulnerable conditions. Discover real-world examples of code execution vulnerabilities in Adobe Reader's codebase. Gain insights from industry experts Brian Gorenc, Jasiel Spelman, and Abdul-Aziz Hariri as they discuss trends in vulnerabilities found in Adobe Reader's XSLT engine over the past year and highlight the importance of understanding security side effects when leveraging open-source components in proprietary systems.
Transforming Open Source to Open Access in Closed Applications
Overview
Syllabus
Recon 2017 Brussels - Transforming Open Source to Open Access in Closed Applications
Taught by
Recon Conference
Related Courses
-
Fuzzing Closed Source Applications
-
Breaking Code Read Protection on the NXP LPC-Family Microcontrollers
-
Managing Audits for Critical Open Source Projects
-
The Myriad Paths to Improving Open Source Security
-
Application Security in the Age of Open Source
-
Finding Vulnerabilities in Your Codebase Using Open Source Tools
