Monthly Archives: September 2008

BabelMap – navigating the spectacle of the seventeen planes

BabelMap stays open any time I'm testing Unicode-enabled software for vulnerabilities. Its advanced search is very useful: for example, finding all code points with the Zs category assigned, or with the white space binary property.

Posted in Unicode, tools

A shifting HTML5 spec could leave many applications vulnerable

We get into a dangerous situation when applications start implementing a standards-based specification that's still in flux. I think the HTML5 spec makes this pretty clear: Implementors should be aware that this specification is not stable. Implementors who are … Continue reading

Posted in security

32nd Internationalization and Unicode Conference

Just got back from the IUC in San Jose and wanted to post my slides.

Posted in Unicode, security | 1 Comment

Unicode root-cause security issues for generating test cases

When it comes to Unicode implementations, there’s a rich set of test cases to perform. Realizing it is the start. Automating it is the next step. Most Unicode-related security bugs can be categorized into the following root-causes: Canonicalization Interpreting non-shortest … Continue reading

Posted in Unicode, testing | 1 Comment