Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

software Security > Sins of Buffer Overrun > Flashcards

Sins of Buffer Overrun Flashcards

1
Q

What is a buffer overrun?

A

A buffer overrun occurs when a program allows input to write beyond the end of the allocated buffer.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is a buffer in programming?

A

A buffer is a piece of memory allocated to a variable by a programmer.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Give an example of a buffer declaration in Java.

A

Integer names = new String[10];

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What can happen if more data is provided than a buffer expects?

A

It can result in an application crash or exploitation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Why are lower-level languages like C and C++ more affected by buffer overruns?

A

Because they allow direct memory manipulation, unlike higher-level languages like C# and Java which have garbage collectors that manage memory.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Which level languages are more affected by buffer overruns and why?(provide level, 2 example languages and motivation)

A

Lower level languages like C and C++, because they allow direct memory manipulation, unlike higher-level languages like C# and Java which have garbage collectors that manage memory.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Name some related security issues to buffer overruns.

A

Integer overflows, format string bugs, and unbounded write to an array.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is a basic redemption method for preventing buffer overruns?

A

Validate user input to ensure it does not exceed buffer boundaries.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What should you do to safely manage buffer accesses in your code?

A

Use safe string and buffer handling functions, and understand the implications of custom buffer-copying code.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Name a compiler-based defense against buffer overruns.

A

Using options like /GS in compilers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is a recommended operating system-level defense against buffer overruns?

A

Data Execution Prevention (DEP) and PaX.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is address randomization, and how is it used in defending against buffer overruns?

A

Address Space Layout Randomization (ASLR) randomizes memory addresses to make buffer overruns more difficult to exploit, such as /dynamicbase in Windows.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Why is it important to understand what data the attacker controls?

A

To manage that data safely in your code and prevent security vulnerabilities.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Why should you not rely solely on compiler and OS defenses?

A

Because they are not sufficient on their own and should be complemented with safe coding practices

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What should you avoid when writing new code to prevent buffer overruns?

A

Avoid using unsafe functions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is a best practice regarding the use of string functions in C++?

A

Use C++ string and container classes rather than low-level C string functions.

17
Q

What should you consider regarding old code to enhance security against buffer overruns?

A

Consider updating your C/C++ compiler and removing unsafe functions from old code over time.

software Security (10 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions