Word Notes 2.2.21
Ep 35 | 2.2.21

taint analysis (noun)

Transcript

Rick Howard: The word is: taint analysis.

Rick Howard: Spelled: T as in tarnish, A as in adulterate, I as in infect, N as in nasty, T as in trace, and analysis or study.

Rick Howard: Definition: The process of software engineers checking the flow of user input in application code to determine if unanticipated input can affect program execution in malicious ways.

Rick Howard: Example sentence: Taint analysis is a useful technique for a security audit of an application's attack surface.

Rick Howard: Origin and context: All user input can be dangerous if it's not properly checked. Think buffer overflows and SQL injection. Taint analysis, a static source code review technique, identifies all user data elements and follows them through the application to make sure they get sanitized before the programmer does anything with them. On the hacker side, with a technique called fuzzing, researchers throw random input at applications to see if they can get them to crash. If they can, that input mechanism, and the functions that support it, are places the hacker can focus to find vulnerabilities for future exploitation. Taint analysis helps reduce the probability that fuzzing will work, and hacking techniques like buffer overflow and SQL injection are neutralized.

Rick Howard: Nerd reference: According to David Kalat at Law.com, Elias Levy, co-founder of the company SecurityFocus, published the famous paper "Smashing the Stack for Fun and Profit" in 1996 under his hacker name "Aleph One." The paper was a recipe for how to create buffer overflow situations in code. The United States Air Force had identified the potential for buffer overflow attacks as far back as 1972, but it wasn't until "Smashing the Stack" came out that the hacker community adopted the buffer overflow technique as a standard tool in their utility belt.
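A toy static taint analysis of the kind the definition above describes, added here as an illustration and not code from the podcast or from any real tool: it walks a Python module's syntax tree, marks values returned by assumed source calls (request.args.get, input) as tainted, propagates taint through assignments, string building and method calls, clears it at assumed sanitizer calls (int, shlex.quote), and reports each line where tainted data reaches an assumed sink (cursor.execute, os.system). The source, sink and sanitizer sets and the sample program under review are constructed for this example.

```python
import ast
# Constructed source, sink and sanitizer names for this toy analysis (assumptions, not a real tool's config).
SOURCES = {"input", "request.args.get"}
SINKS = {"cursor.execute", "os.system"}
SANITIZERS = {"int", "shlex.quote"}

def call_name(call: ast.Call) -> str:
    """Dotted name of a call's target, e.g. 'cursor.execute' or 'input'."""
    parts, node = [], call.func
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    parts.append(node.id if isinstance(node, ast.Name) else "?")
    return ".".join(reversed(parts))

class TaintAnalyzer(ast.NodeVisitor):  # intra-procedural, flow-insensitive taint tracking
    def __init__(self):
        self.tainted = set()   # variable names currently holding unsanitized user input
        self.findings = []     # (line, sink) pairs where tainted data reaches a sink
    def is_tainted(self, node) -> bool:
        if isinstance(node, ast.Name):
            return node.id in self.tainted
        if isinstance(node, ast.Call):
            name = call_name(node)
            if name in SOURCES or name in SANITIZERS:
                return name in SOURCES   # sources introduce taint, sanitizers remove it
            # taint flows through arguments and through methods called on a tainted receiver
            return self.is_tainted(node.func) or any(self.is_tainted(a) for a in node.args)
        # concatenation, f-strings, %-formatting, tuples: tainted if any part is tainted
        return any(self.is_tainted(child) for child in ast.iter_child_nodes(node))
    def visit_Assign(self, node):
        for target in (t for t in node.targets if isinstance(t, ast.Name)):
            (self.tainted.add if self.is_tainted(node.value) else self.tainted.discard)(target.id)
        self.generic_visit(node)
    def visit_Call(self, node):
        name = call_name(node)
        if name in SINKS and any(self.is_tainted(a) for a in node.args):
            self.findings.append((node.lineno, name))   # unsanitized input reached a sink
        self.generic_visit(node)

def analyze(source: str) -> list:
    analyzer = TaintAnalyzer()
    analyzer.visit(ast.parse(source))
    return analyzer.findings   # [(line, sink), ...] for sinks fed by unsanitized user input

SAMPLE = """name = request.args.get("name")  # constructed sample program, not real application code
cursor.execute("SELECT * FROM users WHERE name = '" + name + "'")  # line 2: raw input in SQL
user_id = int(request.args.get("id"))
cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))     # sanitized by int()
os.system("ping " + shlex.quote(input()))                            # sanitized by shlex.quote()
"""
```

Running analyze(SAMPLE) flags only line 2, where the concatenated query carries user input straight into the SQL sink; the int() and shlex.quote() paths are reported clean.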