Do you ever use C functions in your application (if any) such as gets(), scanf(), strcpy(), strcat(), which do not perform bounds checking and are therefore vulnerable to buffer overflow? 2 points
Bounds checking consists of any method which detects whether or not a variable is within some bounds before it is used. A buffer overflow (or buffer overrun) occurs when the volume of data exceeds the storage capacity of the memory buffer. As a result, the program attempting to write the data to the buffer overwrites adjacent memory locations. C is a programming language which does not support bounds checking, making it susceptible to buffer overflow attacks.
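Bounds-checked stand-ins for strcpy() and strcat(), as an added example that is not code from the original page. The helper names safe_copy and safe_append and the sample buffer are hypothetical; both helpers reject oversized input instead of writing past the buffer or truncating.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the page): bounded replacement for strcpy().
 * Returns 0 on success, -1 if src does not fit; dst is then left as "". */
int safe_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    size_t len = strlen(src);
    if (len >= dst_size) {          /* no room for the terminating NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);      /* copies the NUL as well */
    return 0;
}

/* Hypothetical helper: bounded replacement for strcat().
 * Rejects the append rather than writing past dst_size or truncating. */
int safe_append(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    const char *end = memchr(dst, '\0', dst_size);
    if (end == NULL)                /* dst is not terminated within bounds */
        return -1;
    size_t used = (size_t)(end - dst);
    size_t len = strlen(src);
    if (len >= dst_size - used)     /* would not fit with its NUL */
        return -1;
    memcpy(dst + used, src, len + 1);
    return 0;
}

int main(void)
{
    char name[8];                   /* constructed sample buffer */
    /* strcpy(name, "administrator") would write 14 bytes into 8. */
    if (safe_copy(name, sizeof name, "administrator") != 0)
        puts("rejected: input longer than buffer");
    if (safe_copy(name, sizeof name, "root") == 0 &&
        safe_append(name, sizeof name, "-db") == 0)
        printf("stored: %s\n", name);   /* "root-db" is 7 chars + NUL */
    return 0;
}
```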
Do you ever use libraries and containers that can optionally check bounds in C/C++’s Standard Template Library (STL) to avoid DoS? 2 points
Using libraries and containers that check bounds in the C/C++ STL is important for bug detection (finding and fixing bugs early in the development process), code maintainability (makes the code more robust and easier to maintain), and security (prevents buffer overflow, memory corruption and DoS attacks). In terms of security, not only does it protect against buffer overflow and DoS, but it also mitigates arbitrary code execution and enhances input validation, making an application more secure and preventing attackers from compromising its integrity and confidentiality.
Do you use tools which check that the stack of the process remains unaltered after a function returns? 2 points
Using tools which check whether the stack of the process remains unaltered after a function returns is an additional layer of security which helps prevent buffer overflow attacks, maintains stack integrity and detects exploitation attempts.
Do you use tools which divide the stack of the process? 2 points
Tools which divide the stack of the process are important as they enhance security by preventing and detecting buffer overflow attacks, by protecting against arbitrary code execution and stack smashing. Through this, the integrity of the code is maintained and another layer of security is added to software applications.
Do you use tools which provide pointer protection in the buffer of the process? 2 points
Not using tools to protect pointer integrity within process buffers can lead to significant risks, including increased vulnerability to buffer overflow attacks, increased likelihood of unauthorized code execution, potential data corruption, system instability or crashes, compromised user trust, legal and regulatory non-compliance, and substantial resource allocation for incident resolution. These tools are essential for mitigating pointer-related security threats and maintaining the robustness and security of software applications.
Do you use tools which protect the executable space in the buffer of a process? 3 points
In programming, it is crucial to use tools which protect the executable space in the buffer of a process, because this lets you prevent code injection, mitigate buffer overflow attacks, enhance software security and maintain data integrity. Overall, this is a highly important layer of security for a developer who wants software that is as secure as possible.
Do you use tools which use Address space layout randomization in the address space of a process? 2 points
Address space layout randomization (ASLR) is a computer security technique involved in preventing exploitation of memory corruption vulnerabilities. In order to prevent an attacker from reliably jumping to, for example, a particular exploited function in memory, ASLR randomly arranges the address space positions of key data areas of a process, including the base of the executable and the positions of the stack, heap and libraries.
Do you use tools which use Deep packet inspection (DPI) or packet scanning? 2 points
Deep packet inspection (DPI) is an advanced network traffic management and examination method. It can be used to detect and intercept viruses, worms and other forms of malicious spyware, as well as for content policy enforcement to stop data leaks and to streamline and/or modify the network traffic flow. Moreover, DPI can also be used to prevent peer-to-peer abuse by throttling data transfers.
Do you take precautions to prevent Integer Overflow, which results in Buffer Overflow and bypasses IDS rules, when you develop in C/C++ or Java? 2 points
Preventing Integer Overflow is crucial in order to prevent security vulnerabilities such as Buffer Overflow, data manipulation, data breaches, or system crashes. Not only does Integer Overflow cause security vulnerabilities, but it also decreases the quality and reliability of the program, for example by causing unexpected behavior and/or incorrect results.
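How a size calculation is checked before it reaches the allocator, as an added example that is not code from the original page. The names checked_mul, checked_add and pack_records, and the record layout, are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helpers: size arithmetic that reports wraparound
 * instead of silently producing a small value. 0 = ok, -1 = overflow. */
int checked_mul(size_t a, size_t b, size_t *out)
{
    if (b != 0 && a > SIZE_MAX / b)
        return -1;
    *out = a * b;
    return 0;
}

int checked_add(size_t a, size_t b, size_t *out)
{
    if (a > SIZE_MAX - b)
        return -1;
    *out = a + b;
    return 0;
}

/* Builds header + records in a new buffer. Unchecked, hdr_size + count *
 * rec_size can wrap to a tiny allocation that the memcpy would overrun. */
void *pack_records(const void *recs, size_t count, size_t rec_size,
                   size_t hdr_size, size_t *total_out)
{
    size_t body, total;
    if (checked_mul(count, rec_size, &body) != 0 ||
        checked_add(body, hdr_size, &total) != 0 || total == 0)
        return NULL;                /* refuse oversized or empty requests */
    unsigned char *buf = calloc(1, total);
    if (buf == NULL)
        return NULL;
    if (body != 0)
        memcpy(buf + hdr_size, recs, body);
    *total_out = total;
    return buf;
}

int main(void)
{
    size_t total = 0;               /* constructed input: count * 16 wraps */
    void *p = pack_records("", SIZE_MAX / 16 + 1, 16, 8, &total);
    printf("oversized request %s\n", p == NULL ? "rejected" : "accepted");
    free(p);
    return 0;
}
```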
Do you include sensitive information within the bytecode of the JVM (if your developers use Java programming)? 2 points
It is not recommended to include sensitive information within the bytecode of the JVM, as the bytecode can be decompiled or reverse-engineered. This creates a plethora of security risks, including information leakage and data breaches.