Chapter 3 Flashcards
Buffer overflows
A programming error relating to the range of an array, where a reference falls outside the bounds of the array.
Attackers first cause a system crash and then a controlled failure to bypass security.
Buffer overflow countermeasures
Staying within bounds:
Check lengths before writing
Double check the boundary condition:
This is to catch off-by-one errors
Programming controls:
Code reviews
Independent testing
Code analysers:
Tools that inspect the code for errors
Mediation
Mediation is checking. Refers to checking an actor's authorisation before taking an intended action.
Verifying an actor is authorised to perform the operation on the object
Incomplete mediation
The system allows incorrect input to be captured without checking the data
Time-of-check to time-of-use errors
Data is changed between access and use. There is a time lag between the two
Undocumented access point
Access is created for development but should be removed before production. A backdoor into the system
Off-by-one errors
Programmers exceed the array size by one because of incorrect checks on array size
Module testing
Same as component testing
Component testing
Done after unit testing. The subject is tested independently of other components.
Integration testing
Testing of multiple components integrating with each other. A combined testing of components
Functional testing
Tests if the system performs the functions as described by the requirements specification
Performance testing
Tests the system under load for reliability, stability and availability
Acceptance testing
End-to-end testing of the system against the requirements specification
Installation testing
Tests the system once it has been installed to verify it functions as it should
Malicious code
AKA malware - malicious software. Programs planted to cause undesired or unanticipated effects