This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP O2 Platform/Microsoft/ActiveX"
From OWASP
Dinis.cruz (talk | contribs) (Created page with 'This page contains information on how to test ActiveX controls == Security Issues with ActiveX == {list the common problems with ActiveX} == using O2 == One strategy to test Ac…') |
Bill Sempf (talk | contribs) |
||
| (2 intermediate revisions by one other user not shown) | |||
| Line 3: | Line 3: | ||
== Security Issues with ActiveX == | == Security Issues with ActiveX == | ||
{list the common problems with ActiveX} | {list the common problems with ActiveX} | ||
| + | |||
| + | == Tools to test ActiveX for Buffer Overflows == | ||
| + | * http://digitaloffense.net/tools/axman/ | ||
== using O2 == | == using O2 == | ||
| Line 14: | Line 17: | ||
** [http://bytes.com/topic/asp-net/answers/308854-how-create-activex-control-using-c-use-asp-net-webform How to create Activex Control using C# and Use it in ASP.NET webform?] | ** [http://bytes.com/topic/asp-net/answers/308854-how-create-activex-control-using-c-use-asp-net-webform How to create Activex Control using C# and Use it in ASP.NET webform?] | ||
** [http://bytes.com/topic/asp-net/answers/760244-asp-net-activex-object-windows-api-access ASP.NET ActiveX Object Windows API Access] | ** [http://bytes.com/topic/asp-net/answers/760244-asp-net-activex-object-windows-api-access ASP.NET ActiveX Object Windows API Access] | ||
| + | |||
| + | |||
{{Template:Stub}} | {{Template:Stub}} | ||
| + | |||
| + | |||
{{:OWASP_O2_Platform/WIKI/bottom}} | {{:OWASP_O2_Platform/WIKI/bottom}} | ||
| + | [[Category:OWASP .NET Project]] | ||
Latest revision as of 23:27, 10 April 2014
This page contains information on how to test ActiveX controls
Security Issues with ActiveX
{list the common problems with ActiveX}
Tools to test ActiveX for Buffer Overflows
using O2
One strategy to test ActiveX with O2 would be to create a .NET stub around it and then use it to invoke the ActiveX methods
The OWASP .NET tool (couple years old) DN_BOFinder (download from SF) is a .NET Fuzzer which is able to intelligently fuzz .NET assemblies and the COM objects it exposes (see also Buffer_OverFlow_in_ILASM_and_ILDASM
Research Links
- on consuming COM & ActiveX from .NET
This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.
go back to the main OWASP O2 Platform page
