Presentation is loading. Please wait.

Presentation is loading. Please wait.

Buffer Overflow Defenses Quiz. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. Quiz: Buffer Overflow Defenses.

Published byHerbert Kelly Modified over 8 years ago

Similar presentations

Presentation on theme: "Buffer Overflow Defenses Quiz. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. Quiz: Buffer Overflow Defenses."— Presentation transcript:

1 Buffer Overflow Defenses Quiz. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. http://sfsecurity.pr.erau.edu Quiz: Buffer Overflow Defenses Author: Jedidiah R. Crandall, crandaj@erau.edu This Document was Funded by the National Science Foundation Federal Cyber Service Scholarship For Service Program: Grant No. 0113627 Distributed July 2002 Embry-Riddle Aeronautical University Prescott, Arizona USA 5 Questions, Answers follow the “About” page.

2 Buffer Overflow Defenses Quiz. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. http://sfsecurity.pr.erau.edu 1. Which of these can prevent a buffer overflow before the software is released? A.Testing B.StackGuard C.Code Inspection D.Anti-virus software

3 Buffer Overflow Defenses Quiz. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. http://sfsecurity.pr.erau.edu 2. Which of these will anti-virus software prevent? A.Known attacks on known vulnerabilities B.Unknown attacks on known vulnerabilities C.Attacks on unknown vulnerabilities D.Careless software engineering practices

4 Buffer Overflow Defenses Quiz. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. http://sfsecurity.pr.erau.edu 3. Which of these statements are true? A.Languages like Java and Ada are less susceptible to buffer overflows B.Programmers who use Java or Ada don’t ever have to think about buffer overflows C.Java has better performance in terms of speed than C D.There are String libraries available for C/C++ that are safer than the standard libraries

5 Buffer Overflow Defenses Quiz. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. http://sfsecurity.pr.erau.edu 4. Which of these tools would be appropriate during testing? A.A static analysis tool B.A dynamic analysis tool C.StackGuard D.A sledge hammer

6 Buffer Overflow Defenses Quiz. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. http://sfsecurity.pr.erau.edu 5. Which of these buffer overflow preventions has a negligible performance overhead? A.StackGuard B.C compilers with automatic bounds checking C.An operating system patch that disables execution of code outside of the code space D.A C++ library for “limitless” buffers

7 Buffer Overflow Defenses Quiz. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. http://sfsecurity.pr.erau.edu About this Project This presentation is part of a larger package of materials on buffer overflow vulnerabilities, defenses, and software practices. For more information, go to: http://nsfsecurity.pr.erau.eduhttp://nsfsecurity.pr.erau.edu Also available are: Demonstrations of how buffer overflows occur (Java applets) PowerPoint lecture-style presentations on an introduction to buffer overflows, preventing buffer overflows (for C programmers), and a case study of Code Red Checklists and Points to Remember for C Programmers An interactive module and quiz set with alternative paths for journalists/analysts and IT managers as well as programmers and testers A scavenger hunt on implications of the buffer overflow vulnerability Please complete a feedback form at http://nsfsecurity.pr.erau.edu/feedback.html to tell us how you used this material and to offer suggestions for improvements.http://nsfsecurity.pr.erau.edu/feedback.html

8 Buffer Overflow Defenses Quiz. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. http://sfsecurity.pr.erau.edu Answers 1. A,C 2. A 3. A,D 4. B 5. C

Download ppt "Buffer Overflow Defenses Quiz. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. Quiz: Buffer Overflow Defenses."

Similar presentations

Introduction to Memory Management. 2 General Structure of Run-Time Memory.

Introduction to Memory Management. 2 General Structure of Run-Time Memory.
DETAILED DESIGN, IMPLEMENTATIONA AND TESTING Instructor: Dr. Hany H. Ammar Dept. of Computer Science and Electrical Engineering, WVU.

DETAILED DESIGN, IMPLEMENTATIONA AND TESTING Instructor: Dr. Hany H. Ammar Dept. of Computer Science and Electrical Engineering, WVU.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.
Buffer Overflow Intro. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. Preventing Buffer Overflows (for C programmers)

Buffer Overflow Intro. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. Preventing Buffer Overflows (for C programmers)
Buffer Overflow Causes. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. Buffer Overflow Causes Author: Jedidiah.

Buffer Overflow Causes. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. Buffer Overflow Causes Author: Jedidiah.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 11 – Buffer Overflow.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 11 – Buffer Overflow.
By Hiranmayi Pai Neeraj Jain

By Hiranmayi Pai Neeraj Jain
CS 31003: Compilers ANIRUDDHA GUPTA 11CS10004 G2 CLASS DATE : 24/07/2013.

CS 31003: Compilers ANIRUDDHA GUPTA 11CS10004 G2 CLASS DATE : 24/07/2013.
David Brumley, Pongsin Poosankam, Dawn Song and Jiang Zheng Presented by Nimrod Partush.

David Brumley, Pongsin Poosankam, Dawn Song and Jiang Zheng Presented by Nimrod Partush.
K. Salah1 Buffer Overflow The crown jewel of attacks.

K. Salah1 Buffer Overflow The crown jewel of attacks.
Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.

Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.
Cell phones off Name signs out – congrats Sean! CSE 116 Introduction to Computer Science for Majors II1.

Cell phones off Name signs out – congrats Sean! CSE 116 Introduction to Computer Science for Majors II1.
Teaching Buffer Overflow Ken Williams NC A&T State University.

Teaching Buffer Overflow Ken Williams NC A&T State University.
Why Security Testing Is Hard by Herbert H. Thompson presented by Carlos Hernandez.

Why Security Testing Is Hard by Herbert H. Thompson presented by Carlos Hernandez.
Software Engineering Lifecycle. ©2002. Jan G. Hogle, Susan L. Gerhart. Software Engineering Lifecycle Authors: Jan G. Hogle,

Software Engineering Lifecycle. ©2002. Jan G. Hogle, Susan L. Gerhart. Software Engineering Lifecycle Authors: Jan G. Hogle,
SQL Injection and Buffer overflow

SQL Injection and Buffer overflow
C Programmer Quiz. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. Quiz: For C Programmers Author: Jedidiah.

C Programmer Quiz. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. Quiz: For C Programmers Author: Jedidiah.
Examining the Code [Reading assignment: Chapter 6, pp. 91-104]

Examining the Code [Reading assignment: Chapter 6, pp ]
Buffer Overflow Attacks. Memory plays a key part in many computer system functions. It’s a critical component to many internal operations. From mother.

Buffer Overflow Attacks. Memory plays a key part in many computer system functions. It’s a critical component to many internal operations. From mother.
Concept of Computer Programming November 2, 2011.

Concept of Computer Programming November 2, 2011.

Similar presentations

Ads by Google