Chapter 11 (Software Vulnerabilities) Flashcards
3 main categories of software errors
insecure interaction between components
risky resource management
porous defenses
def of defensive programming
designing and implementing software so that it continues to function even when under attack
key rule behind defensive programming
never assume anything. check all assumptions and handle any possible error states
what caused heartbleed
failure to check validity of a binary input value
what is a cross site scription attack
where malicious scripts are injected into trusted websites
what is input fuzzing
useses a shit ton of randomly generated data as inputs to a program
what does ensuring machine language corresponds to algorithim mean
make sure the compilation of the program was not messed with
how do you protect against enviormental variable attacks
in prog, reset env variables to safe values
rule of least priviledge
run programs with least privilege needed to complete their function
how to prevent race conditions
use a lock file
how do you keep temporary files safe
use random names, if just processid is used then the filename can be predicted
