• Main Menu
  • Secure Programming

    • Format String Vulnerability

      Format String Vulnerability

      To understand what a format string vulnerability is, you first need to know what a format string is. A format string is a way of telling the C compiler how it should format numbers when it prints them. Format Strings in C In the C programming language there are a number of functions which accept

    • Random Number Vulnerability

      Random Number Vulnerability

      Computers are deterministic and are therefore predictable. Computers cannot, in and of themselves, generate truly random numbers. In the absence of outside input, computers can only create pseudo-random numbers.  In the words of John Von Neumann, “Anyone attempting to produce random numbers by purely arithmetic means is, of course, in a state of sin.” A

    • SQL Injection Attack / Vulnerability

      SQL Injection Attack / Vulnerability

      A SQL injection vulnerability can occur when a poorly-written program uses user-provided data in a database query without first validating the input. This is most-often found within web pages with dynamic content. There are some excellent tutorials and descriptive articles on this subject, as well as many vulnerability postings for different applications from full-disclosure websites.

    • Race Condition

      Race Condition

      A race condition occurs when multiple processes access and manipulate the same data concurrently, and the outcome of the execution depends on the particular order in which the access takes place. A race condition is of interest to a hacker when the race condition can be utilized to gain privileged system access. Consider the following

    • How to Find Security Vulnerabilities in Source Code

      How to Find Security Vulnerabilities in Source Code

      The original, and still the best, method for finding security vulnerabilities in source code is to read and understand the source code. Source code security vulnerabilities will vary between languages and platforms. Items to look for in C code include: Potential vulnerability Function calls to examine for vulnerabilities Buffer overflows gets(), scanf(), sprintf(), strcat(), strcpy()

    • Integer Overflow

      Integer Overflow

      An integer overflow, or integer wrapping, is a potential problem in a program based upon the fact that the value that can be held in a numeric datatype is limited by the data type’s size in bytes. ANSI C uses the following minimum sizes: data type size (bytes) char 1 short 2 int 2 long

    98 queries in 0.261 seconds.