Why Bother Assessing Popular Software?
-
David Middlehurst James Loureiro - 5 Jun 2015
David Middlehurst and James Loureiro presented at BSides London 2015 on assessing popular software.
In their talk they started by setting the scene with the current state of software security and what you might expect from vendors of popular software.
They then presented a case study of how they approached Adobe Reader as a target and understood its attack surface. This involved looking at different aspects of the product such as the JavaScript API, PDF Rendering Engine and Sandbox and how they identified some high risk vulnerabilities within Reader.