Input Validation Flashcards

1
Q

What is Out of Bounds Read and Write?

A

Out of Bounds Read - An out of bounds read occurs when a program reads data past the end, or before the beginning, of the intended buffer. This can allow an attacker to read sensitive information from other memory locations or cause a crash.

A crash can occur when a program reads a variable amount of data and assumes a termination character (or sentinel), such as the NULL terminator of a string, exists at the end of the data to stop the read operation.

Out of Bounds Write - This occurs when a program writes data past the end, or before the beginning, of the intended buffer. The software may modify an index or perform pointer arithmetic that references a memory location outside the boundaries of the buffer.

This produces undefined or unexpected results such as data corruption, a crash, or code execution.

2
Q

What is Buffer and Integer Overflow?

A

Buffer Overflow is an example of out of bounds write. A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold or when a program attempts to put data in a memory area past a buffer.

Integer overflow or wraparound occurs when an integer value is incremented to a value that is too large to store. When it occurs, the value may wrap around to become a very small or negative number. When the wrap is unexpected it can have severe consequences (e.g. when the result is used to control looping, make a security decision, or determine an offset or size in behaviour such as memory allocation, copying, or concatenation).

3
Q

How can format strings be exploited?

A

Format string vulnerabilities can be exploited to execute arbitrary code, perform buffer overflow attacks, and extract sensitive information from the web application.

4
Q

What ways are there to implement input validation? [short]

A

There are many ways to implement input validation:
- It can be done client-side, coded in HTML, handled with plain JavaScript, or handled with a specialist JavaScript library such as jQuery.
- It can be done server-side, within view functions or using a server filter.
- Once input validation has been added, a form will not be submitted (if client-side) or processed (if server-side) until all validation conditions are satisfied.

5
Q

What are some ways to validate input? [2]

A

Validating Data Types can be done using built-in typed data fields. This prevents users from entering the wrong type of data in particular fields; the form will not submit until all inputs are valid.

Validating Data Values
Different validators can be added to a form to validate different values. Pattern matching can be used for more specific validation.
