11 Application Security Pt.1

Penetration Attacks: Program Security
Categories
- Scanning
- Denial-of-Service (DoS)
- Hijacking
- Penetration
Contents
- What do we mean by penetration?
- Where are the vulnerable points?
- How do we defend against attacks?
Starting from the inside out
- Let's start with the simplest system: a single computer on the network
- What is exposed on such a system?
- How could you find out?
Finding out what is open: Scanning
- We looked at nmap earlier and saw how we can scan for open ports on a host
- These ports are tied to programs that are accepting input
- Can this be exploited?
An Early Example: The Morris Worm (1988)
- Considered the first worm
- Used a few vulnerabilities to move around from host to host
- Very little concern about security at this time
Morris Worm
- Infected roughly 10% of the Internet, which amounted to about 6,000 infected hosts
- Inspired the founding of CERT/CC
- Amongst other methods, it used a buffer overflow attack
Buffer Overflow
- What is a buffer? A block of memory used to store data (an array)
- What is a buffer overflow? Writing past the end of the buffer, overwriting other memory
Buffer Overflow
- This is a common mistake made in software
- A lot of software does not check for buffer overflows:

    char text[10];
    strcpy(text, "This is too long");  /* 16 characters plus the NUL terminator written into a 10-byte buffer */
- Some languages check for this, some do not. Why? Efficiency
- Older languages typically do not check: C, C++, etc.
- Unfortunately a lot of code was written with
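The slide's unchecked strcpy placed beside a bounded replacement, as an added example that is not part of the lecture slides: vulnerable_copy is the slide's fragment left as written (defined for comparison only, never called here), and safe_copy is a hypothetical helper that copies at most dst_size - 1 bytes, always NUL-terminates, and reports whether the input had to be truncated. The input string "This is too long" is the slide's own.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* The slide's defect, left as written: strcpy copies until it finds the
 * NUL terminator in `input`, with no knowledge of how big `text` is.
 * A 16-character input plus its terminator needs 17 bytes, so the copy
 * writes 7 bytes past the end of the 10-byte array (undefined behaviour).
 * Shown for comparison only; nothing below calls it. */
void vulnerable_copy(const char *input)
{
    char text[10];
    strcpy(text, input);   /* no length check */
    printf("%s\n", text);
}

/* Hardened form (hypothetical helper, not from the slides): copies at most
 * dst_size - 1 characters, always NUL-terminates, and returns true only if
 * the whole input fit. A false return is the signal the caller must act on
 * (reject the input, log it, or accept a truncated value deliberately). */
bool safe_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst_size == 0)
        return false;              /* nowhere to put even the terminator */
    size_t n = strlen(src);
    if (n >= dst_size) {           /* input plus NUL does not fit */
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return false;
    }
    memcpy(dst, src, n + 1);       /* fits, terminator included */
    return true;
}

/* Wrapper around the slide's 10-byte buffer, kept static so the stored
 * result can be inspected after the call. Returns the stored string. */
const char *copy_into_ten(const char *input)
{
    static char text[10];
    safe_copy(text, sizeof text, input);
    return text;
}

/* Returns 1 if `input` would not fit in the slide's 10-byte buffer. */
int needs_truncation(const char *input)
{
    char text[10];
    return safe_copy(text, sizeof text, input) ? 0 : 1;
}

int main(void)
{
    const char *too_long = "This is too long";   /* the slide's 16-character input */
    if (needs_truncation(too_long))
        printf("input does not fit; stored \"%s\"\n", copy_into_ten(too_long));
    return 0;
}
```

The size passed to safe_copy is `sizeof text`, taken from the array itself rather than typed as a literal, so the bound cannot drift if the buffer is later resized; the same bound is what strcpy never sees, which is why the slide's version has nothing to stop it.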
This note was uploaded on 04/24/2011 for the course CET 4663 taught by Professor Staff during the Fall '08 term at University of Central Florida.