The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities

This chapter has explained how memory corruption occurs and how it can affect the state of an application. In particular, you've seen how attackers can leverage memory corruption bugs to seize control of applications and perform malicious activities. This knowledge is essential as you assess application security vulnerabilities because it allows you to accurately determine the likelihood of an attacker exploiting a particular memory corruption issue. However, memory corruption exploits are an entire field of study on their own, and the state of the art is constantly changing to find new ways to exploit the previously unexploitable. As a reviewer, you should regard all memory corruption issues as potentially serious vulnerabilities until you can prove otherwise.
