The code layer
Security controls are only as strong as the software that implements them. A single unchecked buffer, a mishandled pointer, or a logic error in access control can give an attacker a foothold that bypasses every perimeter defense.
This module explores software-level vulnerabilities: what causes them, how attackers exploit them, and how defenders prevent them. We start with the classic buffer overflow — still one of the most impactful vulnerability classes decades after it was first described — and expand from there.
Topics
01 / Memory
Buffer Overflow
Interactive stack visualization showing how writing past buffer bounds corrupts return addresses and hijacks execution.
02 / Memory
Use-After-Free
Heap memory vulnerabilities where freed objects are accessed again, which can lead to arbitrary code execution.
03 / Logic
Race Conditions
TOCTOU and concurrency flaws where timing gaps between checks and actions create exploitable windows.
04 / Input
Format String Attacks
When user input is passed directly as a format string, enabling memory reads and writes.
05 / Arithmetic
Integer Overflow
INT_MAX + 1 == INT_MIN. The bug class that bypasses length checks and feeds bad sizes to memcpy — the amplifier behind 30% of memory-corruption CVEs.
06 / Heap
Double Free
Free the same pointer twice. Corrupt the heap freelist. Two pointers to one chunk, attacker controls one. The path from "polite cleanup mistake" to arbitrary write.
07 / Type System
Type Confusion
Treat one type's memory as another type. Field offsets line up wrong. The most common modern browser-exploit class — lives in JIT compilers and unsafe casts.
05 / Defense
Modern Mitigations
ASLR, stack canaries, DEP/NX, CFI, and safe coding practices that make exploitation harder.