Jeff Morin: Type Conversion Errors: How a Little Data Type Can Do a Whole Lot of Damage - a podcast by Jeff Moss

In the realm of application testing, one of the major, but most often overlooked vulnerabilities, is that of type conversion errors. These errors result from input variable values being used throughout the many areas and codebases that make up the application, and in doing so, are potentially treated as different data types throughout the processing. The application functions correctly and without issue because the values of the input variable are anticipated, even though they are treated in different areas as different data types. The issue arises then when a value is input into one of these variables that is crafted in such a way as to be successfully manipulated by some data types, while failing others, resulting in the application behaving in unanticipated and potentially dangerous ways. These vulnerabilities are much more difficult to identify than simple error-based SQL injection or XSS as they don't readily display success or failure, rather can manifest themselves in other areas or at a later time. This also makes them very dangerous in that the application behaves in completely unanticipated ways, potentially resulting in circumvented authentication and authorization, Denial of Service, elevated privileges, etc.

This talk explores the security pitfalls that result from type conversion errors, how to identify them, and proposes some solutions for identification going forward.

Further episodes of Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.

Further podcasts by Jeff Moss

Website of Jeff Moss