Buffer overflow attacks occur when users provide input that exceeds the amount of memory allocated by developers and applications fail to catch this error. In this video, learn about the risk that buffer overflow attacks pose to applications and how developers can prevent them from succeeding.
- [Instructor] Buffer overflow attacks also pose a danger to the security of web applications. When software engineers develop applications, they often set aside specific portions of memory to contain variable content. Users often provide answers to questions that are critical to the application's functioning and fill those memory buffers. If the developer fails to check that the input provided by the user is short enough to fit in the buffer, a buffer overflow occurs. The user content may overflow from the area reserved for input into an area used for other purposes and unexpected results may occur.
The easiest way to show this is with an example, so let's go back to WebGoat. You can see here that we have an application handling WiFi charges for hotel rooms. I'm also going to start up the ZAP proxy and then run through this page. I'm going to go ahead and enter my name and a hotel room number and then press Submit. Here I am now in the ZAP proxy which has intercepted my request. I'm going to start walking through this step by step…
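The length check the transcript describes, as an added C example that is not part of the video or of WebGoat: input is copied into a fixed buffer only if it fits, so it can never spill into the field stored next to it. The struct, field names, buffer size and sample values are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ROOM_LEN 8  /* constructed size: up to 7 characters plus the NUL */

/* Constructed record. price_cents plays the "area used for other purposes"
   that sits in memory after the input buffer. */
struct wifi_charge {
    char room[ROOM_LEN];
    int  price_cents;
};

/* Unchecked form, shown only as a comment:
 *     strcpy(c->room, input);   // copies until NUL, however long input is
 * Checked form: reject input that does not fit and leave the record as-is. */
int set_room(struct wifi_charge *c, const char *input)
{
    if (c == NULL || input == NULL)
        return -1;

    /* Look for the terminator within the first ROOM_LEN bytes only. */
    const char *end = memchr(input, '\0', ROOM_LEN);
    if (end == NULL)
        return -1;              /* too long for room[] */

    size_t len = (size_t)(end - input);
    if (len == 0)
        return -1;              /* empty input is not a room number */

    memcpy(c->room, input, len + 1);  /* len + 1 <= ROOM_LEN, includes NUL */
    return 0;
}

int main(void)
{
    struct wifi_charge c = { "", 1299 };

    int ok = set_room(&c, "1204");
    int rejected = set_room(&c, "1204AAAAAAAAAAAAAAAAAAAAAAAA");

    printf("short input: %d, long input: %d\n", ok, rejected);
    printf("room=%s price_cents=%d\n", c.room, c.price_cents);
    return 0;
}
```

Rejecting over-long input, rather than silently truncating it, keeps the stored value identical to what the user submitted and gives the application a clear error to log.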
This course, along with the others in this nine-part series, prepares you for the CISSP exam and provides you with a solid foundation for a career in information security.
Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
- Software development methodologies
- Operation, maintenance, and change management
- Cross-site scripting
- Preventing SQL injection
- Overflow attacks
- Malicious add-ons
- Secure coding practices
- Code signing
- Risk analysis and mitigation
- Software testing
- Acquired software