Join Mike Chapple for an in-depth discussion in this video Overflow attacks, part of CompTIA Security+ (SY0-401) Cert Prep: Threats and Vulnerabilities.
- [Voiceover] Buffer overflow attacks also pose a danger to the security of web applications. When software engineers develop applications, they often set aside specific portions of memory to contain variable content. Users often provide answers to questions that are critical to the application's functioning and fill those memory buffers. If the developer fails to check that the input provided by the user is short enough to fit in the buffer, a buffer overflow occurs. The user content may overflow from the area reserved for input into an area used for other purposes, and unexpected results may occur.
The easiest way to show this is with an example. So let's go back to WebGoat. You can see here that we have an application handling WiFi charges for hotel rooms. I'm also going to start up the ZAP proxy and then run through this page. I'm going to go ahead and enter my name and a hotel room number and then press Submit. Here I am now in the ZAP proxy which has intercepted my request. I'm going to start walking through this,…
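The missing length check described in the voiceover above, as an added C example that is not part of the course or of WebGoat: a name that is too long spills from its 16-byte buffer into the adjacent field, and the checked routine rejects it instead. The record layout, the function names and the charge value of 1295 are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout (assumption): a guest record kept in one flat byte
 * array, so the spill past the name buffer stays inside memory we own. */
#define NAME_LEN   16   /* bytes reserved for the user-supplied name */
#define CHARGE_OFF 16   /* adjacent 4-byte field: the WiFi charge in cents */
#define RECORD_LEN 20

/* No check against NAME_LEN. The clamp to RECORD_LEN exists only to keep
 * this demonstration inside the array; real unchecked code has no limit. */
static void set_name_unchecked(unsigned char *rec, const char *in) {
    size_t n = strlen(in);
    if (n > RECORD_LEN) n = RECORD_LEN;
    memcpy(rec, in, n);
}

/* Rejects any name that does not fit, terminator included: 0 ok, -1 rejected. */
static int set_name_checked(unsigned char *rec, const char *in) {
    size_t n = strlen(in);
    if (n >= NAME_LEN) return -1;
    memset(rec, 0, NAME_LEN);
    memcpy(rec, in, n);
    return 0;
}

/* Stores `in` with the chosen routine and returns the charge field afterwards. */
static uint32_t charge_after(const char *in, int checked, int *rc) {
    unsigned char rec[RECORD_LEN] = {0};
    uint32_t charge = 1295;                 /* constructed value */
    memcpy(rec + CHARGE_OFF, &charge, sizeof charge);
    *rc = 0;
    if (checked) *rc = set_name_checked(rec, in);
    else set_name_unchecked(rec, in);
    memcpy(&charge, rec + CHARGE_OFF, sizeof charge);
    return charge;
}

int main(void) {
    int rc;
    const char *long_name = "AAAAAAAAAA" "AAAAAAAAAA"; /* 20 bytes, constructed */
    uint32_t spilled = charge_after(long_name, 0, &rc);
    uint32_t kept = charge_after(long_name, 1, &rc);
    printf("unchecked: %u, checked: %u (rc=%d)\n",
           (unsigned)spilled, (unsigned)kept, rc);
    return 0;
}
```

With the unchecked copy the charge field ends up holding four bytes of the name; with the check the record is left untouched and the caller sees the rejection.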
- Comparing viruses, worms, and Trojans
- Understanding backdoors and logic bombs
- Defending against denial of service and password attacks
- Preventing insider threats
- Detecting social engineering attacks
- Preventing wireless eavesdropping
- Understanding cross-site scripting
- Preventing SQL injection
- Deterring attacks
- Securing your network
- Scanning for and assessing threats
Skill Level Intermediate
Q: This course was updated on 04/25/2016. What changed?
A: We updated eight movies to stay on top of the latest trends in IT security, and the latest objectives on the "Threats and Vulnerabilities" domain of the CompTIA Security+ exam.
2. Understanding Attack Types
3. Social Engineering Attacks
4. Wireless Attacks
5. Application Attacks
6. Mitigation and Deterrence
7. Discovering Threats and Vulnerabilities