From SecurityForest
- Description: This article discusses the top vulnerability in Linux/UNIX systems: buffer overflows. This article first explains what buffer overflows are and why they're both so common and so dangerous. It then discusses the new Linux and UNIX methods for broadly countering them -- and why these methods are not enough. It then shows various ways to counter buffer overflows in C/C++ programs, both statically-sized approaches (such as the standard C library and OpenBSD/strlcpy solution) and dynamically-sized solutions, as well as some tools to help you. Finally, the article closes with some predictions on the future of buffer overflow vulnerabilities.
- Author: David A. Wheeler
- Download: l-sp4.html (http://www-106.ibm.com/developerworks/linux/library/l-sp4.html)
- Description: Secure programming practice and procedure is a requirement for any organization developing software for production environments, and is an information security discipline that has realized little focus from both operating system and development tool vendors alike. Without a critical understanding of how and where applications are compromised, system programmers and developers routinely design, develop, and release buggy and fault-ridden software that is easily exploited and compromised by malicious attackers. The only true path to secure software development is an intimate knowledge of the tools and techniques used to exploit errors in software, while emphasizing during development the correct and proper way to design and create software that is resilient to attack, exploit, and compromise.
- Author: William A. Phillips
- Download: Secure Programming Training and Education (http://www.liveammo.com/LiveAmmo_Secure_Programming_Training.htm)