Analysis of Topical Vulnerabilities

This section contains our analysis and commentary on topical vulnerability issues, as they arise from time to time. We look at the vulnerability reports (graciously provided by our friends at SecurityTracker), and analyze what may have gone wrong in the software development process.



09 April 2004 - Ken and Sean analyze a recently discovered buffer overflow in the popular MPlayer and discuss its far-reaching implications.

07 February 2004 - In this vulnerability analysis we introduce a new analyst and ponder the fine art of user input screening as it applies to a well-known PHP application.

26 September 2003 - Ken takes a look at a classic user data input-scrubbing flaw in a popular internet program.

29 July 2003 - Mark and Ken analyze a design flaw in a high profile web portal, and discuss steps to take during the design process to avoid such mistakes.

23 July 2003 - Mark and Ken examine a simple coding error, identify its root causes, and talk about "banana peel slips".

09 July 2003 - In this analysis piece, Mark and Ken look at a classic directory traversal implementation flaw.

19 June 2003 - Mark and Ken's analysis and commentary on the recent Microsoft Internet Explorer "script injection" vulnerability.

We should emphasize that these analyses and commentary documents are merely our opinions. Further, we aim to be vendor neutral in our analyses.

As always, we welcome your feedback and suggestions.


Site Contents Copyright (C) 2002, 2003 Mark G. Graff and Kenneth R. van Wyk. All Rights Reserved.
webmaster@securecoding.org