Lec 8: Software Security 1: Implementation Vulnerabilities 1: Stack Flashcards
When is a program secure?
What is a software vulnerability?
What is a buffer overflow?
What makes buffer overflow attacks able to occur?
What steps do you need to do to hijack control of a system?
What do stack activations for C look like in memory?
What does this example look like in Windows x86?
Why is strcpy() unsafe?
Why is it called shellcode?
- trying to run a shell
What are some challenges for an buffer overflow attacker?
What are some examples of string-based bufer overflows that have happened in history?
Why are string-based buffer overflows able to happen? What are solutions to this problem?
What is the problem with using strncpy() to prevent buffer overflows?
How is this a bigger problem than just strings?
What are the key issues that let buffer overflows happen?
What is the debate behind bugs vs vulnerabilities?
Explain the off-by-one buffer overflow example
What can we do to prevent buffer overflows?
What are compile time solutions to buffer overflow problems?
What is stack validation?
How is a cookie secret in stack validation?
How does stack validation work?
What are the issues of stack validation?
What is memory protection?
What are the issues with memory protection?
What is address randomization? What are the challenges?
How can heap spray be used for randomization?
How does heap spraying work?
What makes return-oriented programming possible?
How does return-oriented programming (bleeding edge) work?
What is the end result of bleeding edge?
