From the course: Developing Secure Software (2015)
Buffer overflow attacks
- Software applications vulnerable to buffer overflow attacks are classic examples of the results of insecure programming decisions. Buffer overflow attacks exploit the lack of user input validation. The question here is, how much freedom can you give users in terms of what they can provide to the software? The answer should be as little as possible to get the work done. You should be using the least privilege principle here. There are different containers in your main memory, one of which is an area storing user inputs, called a buffer. Stack and heap are examples of other containers in the main memory. When an attacker puts too much information into the buffer, it can overflow into other adjacent containers in the primary memory of your computer. This can contaminate the information already stored in these other containers, therefore making the software misbehave. Buffer overflow attacks can crash your program or entire operating system. A more sophisticated buffer overflow attack can…
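The spill into an adjacent container described above, next to a copy that validates the input length first. This is an added example, not part of the course material; the `record` layout, function names and sample input are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: an input buffer with unrelated data stored right after it. */
struct record {
    char name[8];   /* buffer that receives user input */
    char role[8];   /* adjacent data the user must never control */
};

static void record_init(struct record *r) {
    memset(r, 0, sizeof *r);
    strcpy(r->role, "guest");
}

/* No validation of len against the buffer. The write goes through the struct's
 * base pointer and is capped at the struct size, so the demo stays inside one
 * object (defined behaviour) while still spilling from name into role. */
static void store_unchecked(struct record *r, const char *in, size_t len) {
    if (len > sizeof *r) len = sizeof *r;
    memcpy((char *)r + offsetof(struct record, name), in, len);
}

/* Validates first: input must fit in name with room for the terminator. */
static int store_checked(struct record *r, const char *in, size_t len) {
    if (in == NULL || len >= sizeof r->name) return -1;
    memcpy(r->name, in, len);
    r->name[len] = '\0';
    return 0;
}

/* Returns 1 if role still holds its original value after storing `in`. */
static int role_intact(const char *in, int checked) {
    struct record r;
    record_init(&r);
    if (checked) (void)store_checked(&r, in, strlen(in));
    else store_unchecked(&r, in, strlen(in));
    return strcmp(r.role, "guest") == 0;
}

int main(void) {
    const char *too_long = "0123456789AB";  /* constructed: 12 bytes for an 8-byte buffer */
    printf("unchecked: role intact = %d\n", role_intact(too_long, 0));
    printf("checked:   role intact = %d\n", role_intact(too_long, 1));
    return 0;
}
```

The checked version rejects the over-long input outright instead of truncating it, so the caller sees the validation failure and adjacent data is never touched.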
Contents
- Setting the stage (34s)
- Buffer overflow attacks (1m 41s)
- Buffer overflow countermeasures (1m 44s)
- Broken authentication and session management (1m 7s)
- Broken authentication and session management countermeasures (2m 1s)
- Insecure direct object references (1m 24s)
- Insecure direct object references countermeasures (52s)
- Sensitive information exposure (1m 6s)
- Sensitive data exposure countermeasures (1m 37s)
- Other secure coding best practices (2m 22s)