Join Kevin Skoglund for an in-depth discussion in this video Buffer overflows, part of Programming Foundations: Web Security.
- In this movie, we'll talk about buffer overflows.…These are also sometimes called stack overflows,…or overruns.…In low-level programming languages,…like C, C++, and Objective-C,…the programmer has control over memory allocation.…They allocate memory with a fixed size,…and then assign data to it.…User input should be the same size…as the space that the programmer's allocated for it.…But if it's not, if it's too large,…then it overflows the boundaries assigned to it.…And potentially, it overwrites part of a block of memory…that's being used for something else.…
When this happens, part of the program becomes corrupted.…And it can then crash the system.…Or, if the data that overflows the user input,…if it's very well-crafted,…it cannot just break the program code…with something meaningless.…It can replace it with new code, which is meaningful.…And which changes the way the program functions.…Or, in a real extreme scenario,…it can even be used to break out of the program…and run system-level commands as well.…This is the really bad news remote system execution…
This course is great for developers who want to secure their client's websites, and for anyone else who wants to learn more about web security.
- Why security matters
- What is a hacker?
- How to write a security policy
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- SQL injection
- Session hijacking and fixation
- Passwords and encryption
- Secure credit card payments
Skill Level Beginner
1. Security Overview
2. General Security Principles
3. Filtering Input, Controlling Output
4. The Most Common Attacks
5. Encryption and User Authentication
6. Other Areas of Concern
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.