Revision 3 as of 2010-04-20 02:38:51
Hacking Exposed Chapter 10: Hacking Code
Common exploit techniques
- Buffer Overflows and Design Flaws
- Input Validation Attacks
Stack Buffer Overflows
- Easiest and most devastating buffer overrun
- A stack is the computer memory used when functions call other functions.
- Occurs when a program writes to a memory address on the program's stack outside of the intended data structure
Countermeasures
- Practice safe and secure coding standards.
- Check your code.
- Consider prohibiting the use of old C runtime buffer functions.
- Employ stack execution protection.
- Use compiler tools.
Heap/BSS/Data Overflows
- Very similar to stack overflows
- The heap is used by programs to allocate dynamic memory at runtime.
Countermeasures
- Practice safe and secure coding standards.
- Check your code.
- Consider prohibiting the use of old C runtime buffer functions.
- Employ stack execution protection.
- Use compiler tools.
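The "prohibit the old C runtime buffer functions" countermeasure applies identically to the stack and heap sections above, so one added example (mine, not code from the book or these notes; NAME_LEN and the function names are my own) shows the unsafe strcpy() pattern beside a bounded copy used first on a stack buffer and then on a malloc()'d one.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_LEN 16

/* The classic vulnerable pattern: strcpy() has no idea how large buf is,
   so any name of NAME_LEN characters or more runs past the end of the frame. */
void greet_unsafe(const char *name) {
    char buf[NAME_LEN];
    strcpy(buf, name);
    printf("hello %s\n", buf);
}

/* Hardened replacement: the destination size travels with the pointer and
   overlong input is rejected outright rather than silently truncated.
   Returns 0 on success, -1 if src (plus its NUL) does not fit. */
int bounded_copy(char *dst, size_t dst_size, const char *src) {
    size_t n = 0;
    while (n < dst_size && src[n] != '\0')
        n++;
    if (n == dst_size)          /* no room left for the terminator */
        return -1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Stack case: same fixed-size local buffer, but the copy is bounded. */
int greet_safe(const char *name) {
    char buf[NAME_LEN];
    if (bounded_copy(buf, sizeof buf, name) != 0)
        return -1;
    printf("hello %s\n", buf);
    return 0;
}

/* Heap case: the same guard protects a malloc()'d buffer of max bytes. */
char *dup_bounded(const char *src, size_t max) {
    char *p = malloc(max);
    if (p == NULL)
        return NULL;
    if (bounded_copy(p, max, src) != 0) {
        free(p);
        return NULL;
    }
    return p;
}
```

greet_unsafe() is kept only to show the pattern being replaced; it is never called with untrusted input here.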
Format String Attacks
- Overwrites portions of memory to give the hacker control over the CPU’s execution flow.
- Takes advantage of misused functions, most notably, the printf() family of functions.
Countermeasures
- Hard code the format specifier in your functions. In other words, always give printf() a fixed format string as its first argument and pass the data as a separate argument, never as the format itself.
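An added example (not from the book or these notes; the "[app] " prefix and function names are my own) of the hard-coded format specifier countermeasure, plus the compiler-tool variant where a format attribute lets gcc/clang warn whenever a non-literal format reaches the function.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#if defined(__GNUC__)
#define PRINTF_LIKE(f, a) __attribute__((format(printf, f, a)))
#else
#define PRINTF_LIKE(f, a)
#endif

/* Vulnerable pattern (not compiled here): printf(msg); the caller's text
   becomes the format, so "%" sequences inside it are interpreted.
   Hardened: the format is a string literal and msg is only ever a %s
   argument, so "%x" or "%n" inside it is written out literally.
   Returns the number of characters written, or -1 on truncation/error. */
int log_safe(char *out, size_t out_size, const char *msg) {
    int n = snprintf(out, out_size, "[app] %s", msg);
    if (n < 0 || (size_t)n >= out_size)
        return -1;
    return n;
}

/* When variable formatting is genuinely needed, keep the format a literal at
   every call site and tell the compiler so: with the attribute above, gcc and
   clang report a non-literal format passed here (-Wformat-security), which is
   the "use compiler tools" countermeasure from the notes. */
PRINTF_LIKE(3, 4)
int log_fmt(char *out, size_t out_size, const char *fmt, ...) {
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(out, out_size, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= out_size)
        return -1;
    return n;
}
```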
Off-by-One Errors
- When a programmer miscounts something in his conditional statement.
- E.g. if (id < 0 || id > channels_alloc), which lets id == channels_alloc through: one past the last valid index.
Countermeasures
- Check all code carefully
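The condition quoted above, as an added example (mine, not the book's code; the channels array and accessor names are assumed), shown beside the corrected comparison and a single bounds-checked accessor so the check is written and reviewed exactly once.

```c
#include <stddef.h>

#define CHANNELS_ALLOC 4

static int channels[CHANNELS_ALLOC];

/* The check quoted in the notes. Valid indices are 0..channels_alloc-1, but
   this accepts id == channels_alloc, one element past the end of the array. */
int id_is_valid_buggy(int id, int channels_alloc) {
    return !(id < 0 || id > channels_alloc);
}

/* Corrected check: reject anything at or beyond the allocation. */
int id_is_valid(int id, int channels_alloc) {
    return !(id < 0 || id >= channels_alloc);
}

/* Every access to the array goes through one bounds-checked accessor.
   Both return 0 on success and -1 for an out-of-range id. */
int set_channel(int id, int value) {
    if (!id_is_valid(id, CHANNELS_ALLOC))
        return -1;
    channels[id] = value;
    return 0;
}

int get_channel(int id, int *value) {
    if (!id_is_valid(id, CHANNELS_ALLOC))
        return -1;
    *value = channels[id];
    return 0;
}
```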
Canonicalization Attacks
- Canonicalization is the process for determining how various forms or characters of a word are resolved to a single name or character.
Countermeasures
- Address the problem with the language you are writing in.
- Be specific about what data your application will accept.
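Canonicalization in practice, as an added example (not code from the book or these notes): a file path is reduced to one spelling before it is compared against what the application will accept. It assumes absolute POSIX paths, a root given without a trailing slash, and does not resolve symlinks.

```c
#include <string.h>

/* Reduce an absolute POSIX path to one canonical spelling: collapse repeated
   slashes, drop "." segments and resolve ".." against the segments already
   kept (".." at the root stays at the root). Returns 0, or -1 if path is not
   absolute or out is too small. */
int canonicalize(char *out, size_t out_size, const char *path) {
    size_t len = 0;
    if (path[0] != '/' || out_size < 2)
        return -1;
    out[len++] = '/';
    while (*path != '\0') {
        const char *seg;
        size_t seglen;
        while (*path == '/')
            path++;
        seg = path;
        while (*path != '\0' && *path != '/')
            path++;
        seglen = (size_t)(path - seg);
        if (seglen == 0 || (seglen == 1 && seg[0] == '.'))
            continue;
        if (seglen == 2 && seg[0] == '.' && seg[1] == '.') {
            while (len > 1 && out[len - 1] != '/')   /* drop the last segment */
                len--;
            if (len > 1)                              /* and its leading slash */
                len--;
            continue;
        }
        if (len + (len > 1) + seglen >= out_size)     /* separator + NUL must fit */
            return -1;
        if (len > 1)
            out[len++] = '/';
        memcpy(out + len, seg, seglen);
        len += seglen;
    }
    out[len] = '\0';
    return 0;
}

/* Accept a request path only if its canonical form is root itself or lies
   below it. A prefix test alone is not enough: "/var/wwwroot/x" starts with
   "/var/www", so the character after the prefix must be '/' or the end. */
int within_root(const char *root, const char *path) {
    char buf[256];
    size_t rl = strlen(root);
    if (canonicalize(buf, sizeof buf, path) != 0)
        return 0;
    return strncmp(buf, root, rl) == 0 && (buf[rl] == '/' || buf[rl] == '\0');
}
```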
Common Countermeasures
- People:
- Changing the Culture
- Talk Softly
- Carry a Big Stick
- Security Improves Quality and Efficiency
- Encode It into Governance
- Measure, Measure, Measure
- Accountability
- Process:
- Appoint a Security Liaison on the Development Team
- Education, Education, Education
- Threat Modeling
- Code Checklists
- Security in the Development Lifecycle
- Security Testing
- Audit or Final Security Review
- Maintenance
- Technology:
- Managed Execution Environments
- Input Validation Libraries
- Platform Improvements
Conclusion
- Stack buffer overflows are the easiest and most dangerous buffer overrun hacks.
- printf() is the function most misused in format string attacks.
- Canonicalization - the process for determining how various forms or characters of a word are resolved to a single name or character.
- Many common countermeasures.
Quiz
- What is considered the easiest buffer overrun hack?
- Which function is the most misused by Format string attacks?
- Name 3 common countermeasures.
Answers
- Stack Buffer Overflows
- printf()
- Any of the 18 given