Lec 8: Software Security 1: Implementation Vulnerabilities 1: Stack Flashcards

1
Q

When is a program secure?

A
2
Q

What is a software vulnerability?

A
3
Q

What is a buffer overflow?

A
4
Q

What makes buffer overflow attacks able to occur?

A
5
Q

What steps do you need to do to hijack control of a system?

A
6
Q

What do stack activations for C look like in memory?

A
7
Q

What does this example look like in Windows x86?

A
8
Q

Why is strcpy() unsafe?

A
9
Q

Why is it called shellcode?

A
  • trying to run a shell
10
Q

What are some challenges for a buffer overflow attacker?

A
11
Q

What are some examples of string-based buffer overflows that have happened in history?

A
12
Q

Why are string-based buffer overflows able to happen? What are solutions to this problem?

A
13
Q

What is the problem with using strncpy() to prevent buffer overflows?

A
14
Q
A
15
Q
A
16
Q

How is this a bigger problem than just strings?

17
Q

What are the key issues that let buffer overflows happen?

18
Q

What is the debate behind bugs vs vulnerabilities?

19
Q

Explain the off-by-one buffer overflow example

20
Q

What can we do to prevent buffer overflows?

21
Q

What are compile time solutions to buffer overflow problems?

22
Q

What is stack validation?

23
Q

How is a cookie secret in stack validation?

24
Q

How does stack validation work?

25
Q

What are the issues of stack validation?

26
Q

What is memory protection?

27
Q

What are the issues with memory protection?

28
Q

What is address randomization? What are the challenges?

29
Q

How can heap spray be used for randomization?

30
Q

How does heap spraying work?

31
Q

What makes return-oriented programming possible?

32
Q

How does return-oriented programming (bleeding edge) work?

33
Q

What is the end result of bleeding edge?