Introduction

Taint Analysis

Life is not like water. Things in life don’t necessarily flow over the shortest possible route Haruki Murakami - 1Q84

Taint analysis (or source and sink analysis ) is the analysis of the flow of input through a program from sources to sinks .

It relies on a simple idea: a large number of vulnerabilities occur because attacker controlled input (the source) flows to a dangerous function (the sink). If the input modifies other variables along the way, these variables become “tainted” and are included in the analysis.

Hi everyone this is the first serie of my notes and my recap of the awesome/incredible book From Day Zerp to Zero Day written by Eugene “Spaceraccoon” Lim a security researcher and white-hat hacker.

He learned rapidly because his first training was in how to learn. - Frank Herbert, Dune.

With the number of discovered and exploited zero days constantly growing, vulnerability research, or the process of analyzing systems for new vulnerabilities, has zero to zero assumed a critical role in cybersecurity.