
= Hacking Exposed Chapter 10: Hacking Code =

== Common exploit techniques ==
 * Buffer Overflows and Design Flaws
 * Input Validation Attacks

=== Stack Buffer Overflows ===
 * Easiest and most devastating buffer overrun
 * The stack is the region of memory that holds a function's local variables and return address when functions call other functions.
 * Occurs when a program writes to a memory address on the program's stack outside of the intended data structure
==== Countermeasures ====
 * Practice safe and secure coding standards.
 * Check your code.
 * Consider prohibiting the use of old C runtime buffer functions.
 * Employ stack execution protection.
 * Use compiler tools.
=== Heap/BSS/Data Overflows ===
 * Very similar to stack overflows
 * The heap is used by programs to allocate dynamic memory at runtime.
==== Countermeasures ====
 * Practice safe and secure coding standards.
 * Check your code.
 * Consider prohibiting the use of old C runtime buffer functions.
 * Employ stack execution protection.
 * Use compiler tools.
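The bounded copy below is an added example, not code from the chapter; it shows the "prohibit the old C runtime buffer functions" countermeasure for both the stack and the heap sections above. `bounded_copy`, `copy_to_stack_buffer` and `copy_to_heap_buffer` are names chosen here, and the inputs are constructed.

```c
/* Added example, not from the chapter: a bounded copy routine that
 * refuses to write past the destination, whether the destination lives
 * on the stack or on the heap. Function names are our own. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy src into dst, never writing more than dst_size bytes (including the
 * terminating NUL). Returns 0 on success, -1 if src did not fit; on -1 the
 * destination holds a truncated but still NUL-terminated string. */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    size_t n = strlen(src);
    if (n >= dst_size) {
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

/* Stack case: a fixed-size local array. The unsafe idiom this replaces is
 *     char name[16]; strcpy(name, input);
 * which writes past name[] as soon as input is longer than 15 characters,
 * overwriting whatever the compiler placed above it on the stack. */
int copy_to_stack_buffer(const char *input)
{
    char name[16];
    return bounded_copy(name, sizeof name, input);
}

/* Heap case: the same rule applies to malloc'd storage; the allocation
 * size is carried alongside the pointer and used as the bound, so the
 * copy can never spill into neighbouring heap chunks. */
int copy_to_heap_buffer(const char *input, size_t alloc_size)
{
    char *buf = malloc(alloc_size);
    if (buf == NULL)
        return -1;
    int rc = bounded_copy(buf, alloc_size, input);
    free(buf);
    return rc;
}

int main(void)
{
    /* Constructed inputs: one that fits, one that would have overrun. */
    printf("short: %d\n", copy_to_stack_buffer("alice"));
    printf("long:  %d\n", copy_to_stack_buffer("this string is longer than fifteen chars"));
    return 0;
}
```

The return value matters as much as the bound: silently truncating is better than overflowing, but the caller should still treat -1 as rejected input rather than carry on with a clipped value. Building with the compiler's warnings enabled (the "use compiler tools" bullet) also flags many remaining calls to the unbounded string functions.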
=== Format String Attacks ===
 * Overwrites portions of memory to give the hacker control over the CPU’s execution flow.
 * Takes advantage of misused functions, most notably, the printf() family of functions.
==== Countermeasures ====
 * Hard-code the format string in your functions; in other words, always pass printf() an explicit format argument and pass untrusted text only as a data argument, never as the format itself.
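As an added example (not from the chapter), the function below renders untrusted text with a hard-coded format string so that conversion specifiers in the input are printed literally instead of being interpreted. `render_log_line` is a name chosen here and the input is constructed.

```c
/* Added example, not from the chapter: rendering untrusted text with a
 * hard-coded format string. Function names are our own. */
#include <stdio.h>
#include <string.h>

/* The unsafe idiom the text warns about, shown only as a comment:
 *     void log_line(const char *user_text) { printf(user_text); }
 * If user_text contains conversion specifiers such as "%x" or "%n",
 * printf() interprets them and reads (or, with %n, writes) memory it was
 * never meant to touch. */

/* Safe version: the format is a string literal and the untrusted text is
 * only ever consumed by %s. Writes into out (at most out_size bytes,
 * NUL-terminated) and returns the number of characters the full line
 * would need, so the caller can detect truncation. */
int render_log_line(char *out, size_t out_size, const char *user_text)
{
    return snprintf(out, out_size, "user: %s", user_text);
}

int main(void)
{
    char line[64];
    /* Constructed input that contains conversion specifiers. */
    render_log_line(line, sizeof line, "%x %x %n");
    puts(line);   /* the specifiers appear as plain text */
    return 0;
}
```

With gcc or clang, `-Wformat -Wformat-security` warns on any printf-family call whose format is not a literal and has no further arguments, which is a cheap way to find the unsafe idiom in an existing code base.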
=== Off-by-One Errors ===
 * When a programmer miscounts by one in a conditional statement, typically at the boundary of an array or buffer.
 * E.g. `if (id < 0 || id > channels_alloc)`, which still accepts id equal to channels_alloc, one element past the end of the array.
==== Countermeasures ====
 * Check all code carefully
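The bounds check from the bullet above, as an added example that is not part of the chapter, written once as shown and once corrected so the two can be compared on the boundary value. The channel table, its size and the function names are constructed here.

```c
/* Added example, not from the chapter: the off-by-one bounds check,
 * written both as shown in the bullet and as corrected. The table and
 * function names are our own. */
#include <stddef.h>
#include <stdio.h>

#define CHANNELS_ALLOC 4

/* A constructed table of CHANNELS_ALLOC entries; valid ids are 0..3. */
static int channels[CHANNELS_ALLOC] = {10, 11, 12, 13};

/* As written in the bullet: id == channels_alloc passes the check, yet
 * channels[channels_alloc] is one element past the end of the array. */
int id_in_range_buggy(int id, int channels_alloc)
{
    if (id < 0 || id > channels_alloc)
        return 0;
    return 1;
}

/* Corrected: the last valid index is channels_alloc - 1, so anything
 * greater than or equal to channels_alloc is rejected. */
int id_in_range(int id, int channels_alloc)
{
    if (id < 0 || id >= channels_alloc)
        return 0;
    return 1;
}

/* Lookup that uses the corrected check; returns NULL for any bad id
 * instead of reading past the table. */
int *channel_lookup(int id)
{
    if (!id_in_range(id, CHANNELS_ALLOC))
        return NULL;
    return &channels[id];
}

int main(void)
{
    int boundary = CHANNELS_ALLOC;
    printf("buggy check accepts id %d: %d\n", boundary,
           id_in_range_buggy(boundary, CHANNELS_ALLOC));
    printf("fixed check accepts id %d: %d\n", boundary,
           id_in_range(boundary, CHANNELS_ALLOC));
    return 0;
}
```

A unit test that probes exactly the values -1, 0, size-1 and size is the cheapest way to "check all code carefully" for this class of bug, because the off-by-one only shows up at the boundary.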
=== Canonicalization Attacks ===
 * Canonicalization is the process for determining how various forms or characters of a word are resolved to a single name or character.
==== Countermeasures ====
 * Address the problem using the canonicalization facilities of the language or platform you are writing in, rather than comparing raw input.
 * Be specific about what data your application will accept.
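As an added example (not from the chapter), the code below canonicalizes a file path before deciding whether it lies under an allowed base directory, which is the order of operations the two countermeasures above call for: resolve the many spellings of a name to one form first, then be specific about which form you accept. `canonicalize_path`, `path_within_base` and the sample paths are constructed here.

```c
/* Added example, not from the chapter: canonicalizing a file path before
 * checking it against an allowed base directory. The path strings are
 * constructed and the function names are our own. */
#include <stdio.h>
#include <string.h>

/* Resolve ".", ".." and repeated '/' in an absolute path, writing the
 * canonical form to out. Returns 0 on success, -1 if the input is not
 * absolute, would climb above "/", or does not fit in out. */
int canonicalize_path(const char *in, char *out, size_t out_size)
{
    if (in == NULL || in[0] != '/' || out_size < 2)
        return -1;
    size_t len = 0;                       /* bytes written to out, without NUL */
    const char *p = in;
    while (*p) {
        while (*p == '/')
            p++;                          /* collapse runs of '/' */
        if (*p == '\0')
            break;
        const char *seg = p;
        while (*p && *p != '/')
            p++;
        size_t seglen = (size_t)(p - seg);
        if (seglen == 1 && seg[0] == '.')
            continue;                     /* "." names the current directory */
        if (seglen == 2 && seg[0] == '.' && seg[1] == '.') {
            if (len == 0)
                return -1;                /* ".." would climb above the root */
            while (len > 0 && out[len - 1] != '/')
                len--;                    /* drop the previous segment */
            len--;                        /* and the '/' before it */
            continue;
        }
        if (len + 1 + seglen >= out_size)
            return -1;                    /* no room for '/' + segment + NUL */
        out[len++] = '/';
        memcpy(out + len, seg, seglen);
        len += seglen;
    }
    if (len == 0)
        out[len++] = '/';                 /* everything resolved to the root */
    out[len] = '\0';
    return 0;
}

/* Accept path only if, once canonical, it is base itself or lies beneath
 * it. base is assumed to be canonical already and to have no trailing
 * '/'. The canonical form is left in canon for the caller to use, so the
 * checked string and the used string are the same one. */
int path_within_base(const char *path, const char *base,
                     char *canon, size_t canon_size)
{
    if (canonicalize_path(path, canon, canon_size) != 0)
        return 0;
    size_t blen = strlen(base);
    if (strncmp(canon, base, blen) != 0)
        return 0;
    return canon[blen] == '\0' || canon[blen] == '/';
}

int main(void)
{
    char canon[128];
    const char *base = "/srv/files";
    /* Constructed paths: two spellings of the same file, and one escape. */
    const char *samples[] = {"/srv/files/a/../b", "/srv//files/./b",
                             "/srv/files/../../other"};
    for (size_t i = 0; i < 3; i++) {
        int ok = path_within_base(samples[i], base, canon, sizeof canon);
        printf("%-26s -> %-20s %s\n", samples[i], ok ? canon : "(rejected)",
               ok ? "allowed" : "outside base");
    }
    return 0;
}
```

The check is done on the canonical string and that same string is what the program should go on to open; validating the raw input and then opening a differently spelled name reintroduces the problem.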

== Common Countermeasures ==
 * People:
   * Changing the Culture
   * Talk Softly
   * Carry a Big Stick
   * Security Improves Quality and Efficiency 
   * Encode It into Governance
   * Measure, Measure, Measure
   * Accountability
 * Process:
   * Appoint a Security Liaison on the Development Team
   * Education, Education, Education
   * Threat Modeling
   * Code Checklists
   * Security in the Development Lifecycle
   * Security Testing
   * Audit or Final Security Review
   * Maintenance
 * Technology:
   * Managed Execution Environments
   * Input Validation Libraries
   * Platform Improvements
== Conclusion ==
 * Stack Buffer Overflows are the easiest and most dangerous buffer overrun hacks.
 * printf() is the function most commonly misused in format string attacks.
 * Canonicalization - the process for determining how various forms or characters of a word are resolved to a single name or character.
 * Many common countermeasures.
== Quiz ==
 * What is considered the easiest buffer overrun hack?
 * Which function is the most misused by Format string attacks?
 * Name 3 common countermeasures.
== Answers ==
 * Stack Buffer Overflows
 * printf()
 * Any of the 18 given