For my Computer Security class, we have to do a final "project" (paper). The requirements are >=5 pages on a relevant topic.
I'm still writing it, but I thought I'd post what I have here. I'm trying to direct it at people who don't really know this stuff (like, for instance, my professor). So if there's anything in there I don't explain or that's too technical, please feel free to point it out.
So far, I've basically done the introduction. It's long because I'm trying to explain the background of three major vulnerabilities (Stack overflow, Heap overflow, and Format String vulnerability). I'm done Stack and Heap, along with example code that I partly wrote and partly copied (haven't cited source yet). I've run it all, and it all runs great. After I'm done outlining them, I'm going to be showing some ways that have been used to prevent them (backtracing, non-executable stack, etc) and ways to counter those (fake stack frames, returning into libc, respectively). But that's not done (or started) yet.
The more feedback/criticism I get here, the better. It's due in 9 days, and I'll be posting updates as I make them.
Thanks to anybody who reads it!
http://www.javaop.com/~iago/Paper.pdf