- Brute Force
- Insufficient Authentication
- Weak Password Recovery Validation
- Credential/Session Prediction
- Insufficient Authorization
- Insufficient Session Expiration
- Session Fixation
3. Client-side Attacks
- Content Spoofing
- Cross-site Scripting
4. Command Execution
- Buffer Overflow
- Format String Attack
- LDAP Injection
- OS Commanding
- SQL Injection
- SSI Injection
- XPath Injection
5. Information Disclosure
- Directory Indexing
- Information Leakage
- Path Traversal
- Predictable Resource Location
6. Logical Attacks
- Abuse of Functionality
- Denial of Service
- Insufficient Anti-automation
- Insufficient Process Validation
Buffer Overflow exploits are attacks that alter the flow of an
application by overwriting parts of memory. Buffer Overflow is a
common software flaw that results in an error condition. This error
condition occurs when data written to memory exceed the allocated
size of the buffer. As the buffer is overflowed, adjacent memory
addresses are overwritten causing the software to fault or crash.
When unrestricted, properly-crafted input can be used to overflow the
buffer resulting in a number of security issues.
A Buffer Overflow can be used as a Denial of Service attack when
memory is corrupted, resulting in software failure. Even more critical
is the ability of a Buffer Overflow attack to alter application flow and
force unintended actions. This scenario can occur in several ways.
Buffer Overflow vulnerabilities have been used to overwrite stack
pointers and redirect the program to execute malicious instructions.
Buffer Overflows have also been used to change program variables.
Buffer Overflow vulnerabilities have become quite common in the
information security industry and have often plagued web servers.
However, they have not been commonly seen or exploited at the web
application layer itself. The primary reason is that an attacker needs
to analyze the application source code or the software binaries. Since
the attacker must exploit custom code on a remote system, they
would have to perform the attack blind, making success very difficult.
Buffer Overflows vulnerabilities most commonly occur in
programming languages such as C and C++. A Buffer Overflow can
occur in a CGI program or when a web page accesses a C program.
"Inside the Buffer Overflow Attack: Mechanism, Method and Prevention", By Mark E. Donaldson - GSEC
"w00w00 on Heap Overflows", By Matt Conover - w00w00 Security Team
"Smashing The Stack For Fun And Profit", By Aleph One - Phrack 49
To receive your Free Application
Vulnerability Assessment for testing of one attack vulnerability of your choice, please submit your payment of $99.00 for a second Buffer Overflow attack vulnerability test.
Other members of our business group:
COPYRIGHT (C) 2000 - 2013 InfoSecPro.com ALL RIGHTS RESERVED