-software vulnerabilities and how attackers exploit them
-defenses against attacks that try to exploit buffer overflows
-secure programming: code “defensively”, expecting it to be exploited. Do not trust the “inputs” that come from users of the software system.
e.g. buffer overflow – a common and persistent vulnerability
stack buffer overflows
stacks are used… in function/procedure calls, for allocation of memory for local variables, parameters, and control information (return address)
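#include <stdio.h>
#include <string.h>   /* strncmp() */

int main(int argc, char *argv[]) {
    int allow_login = 0;
    char pwdstr[12];
    char targetpwd[12] = "MyPwd123";

    /* Deliberately vulnerable: gets() does no bounds checking, so input
       longer than 11 characters writes past the end of pwdstr and can
       overwrite neighbouring stack data (e.g. allow_login or targetpwd,
       depending on how the compiler lays out the frame). */
    gets(pwdstr);

    if (strncmp(pwdstr, targetpwd, 12) == 0)
        allow_login = 1;

    if (allow_login == 0)
        printf("Login request rejected");
    else
        printf("Login request allowed");
}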