OWASP Periodic Table of Vulnerabilities - Buffer Overflow

From OWASP
Revision as of 04:33, 15 May 2013 by James Landis

Buffer Overflow

Root Cause Summary

The application allows an attacker to supply more data than will fit in a pre-allocated block of memory and overwrite existing instructions or data.
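The root cause above, shown in code. This is an added example, not part of the original wiki page: a constructed record type with a fixed-size name field followed by other data, an unchecked copy of the kind that causes the overwrite described (kept only for contrast, never called with oversized input here), and the hardened form that measures the input against the destination size and rejects anything that does not fit. The names (struct record, copy_name_unsafe, copy_name_safe, set_name, NAME_LEN) are all assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed example: a record whose fixed-size name field sits directly
 * in front of other data, so an unchecked copy into name spills into it. */
#define NAME_LEN 16

struct record {
    char name[NAME_LEN];
    int  is_admin;          /* adjacent data that an overflow would clobber */
};

/* Root-cause pattern: strcpy never consults the destination size, so any
 * src of NAME_LEN bytes or more writes past the end of name. Kept only for
 * contrast; nothing in this example calls it with oversized input. */
void copy_name_unsafe(struct record *r, const char *src)
{
    strcpy(r->name, src);
}

/* Hardened form: measure src against the destination size first, reject
 * anything that does not fit together with its terminating NUL, and leave
 * dst untouched on rejection. Returns 0 on success, -1 when rejected. */
int copy_name_safe(char *dst, size_t dst_size, const char *src)
{
    size_t n = 0;
    /* Bounded scan: never read more than dst_size bytes of src. */
    while (n < dst_size && src[n] != '\0')
        n++;
    if (n == dst_size)       /* no NUL within dst_size bytes: it does not fit */
        return -1;
    memcpy(dst, src, n + 1); /* n characters plus the NUL */
    return 0;
}

/* Applies the safe copy to a record; returns 0 if accepted, -1 if rejected. */
int set_name(struct record *r, const char *src)
{
    return copy_name_safe(r->name, sizeof r->name, src);
}

int main(void)
{
    struct record r = { "", 0 };
    const char *inputs[] = {
        "alice",                                   /* fits */
        "123456789012345",                         /* 15 chars: exactly fits */
        "1234567890123456",                        /* 16 chars: no room for NUL */
        "this_name_is_far_too_long_for_the_field"  /* would overflow */
    };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int rc = set_name(&r, inputs[i]);
        printf("%-40s -> %s (name=\"%s\", is_admin=%d)\n", inputs[i],
               rc == 0 ? "accepted" : "rejected", r.name, r.is_admin);
    }
    return 0;
}
```

The safe version rejects rather than silently truncates: truncation can itself change meaning (a path, a username), and a rejected input is something the caller can log and report. The check it performs by hand is the one a memory-managed platform performs on every array write.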

Browser / Standards Solution

None

Perimeter Solution

The perimeter should defend applications from known worm/exploit signatures such as Code Red and alert or block suspicious payloads (e.g. thousands of characters or shellcode signatures).
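A minimal version of the "suspicious payload" heuristic described above, added here as an example and not taken from the original page or from any real perimeter product. It inspects one request line at a time and flags a single token that is longer than a threshold or that contains a long run of one repeated byte, the kind of filler an overflow payload needs to reach the end of a buffer. The thresholds (MAX_TOKEN_LEN, MAX_RUN_LEN), the token delimiters, and the function names (inspect_request, build_request, verdict_name) are assumptions for the illustration; real deployments tune the limits to the application's legitimate traffic and combine such heuristics with maintained signature sets.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Thresholds are constructed for the example; a real deployment tunes them
 * to the application's legitimate traffic. */
#define MAX_TOKEN_LEN 512   /* longest single path segment / parameter allowed */
#define MAX_RUN_LEN    64   /* longest run of one repeated byte allowed */

enum verdict { ALLOW = 0, SUSPICIOUS_LENGTH = 1, SUSPICIOUS_RUN = 2 };

/* Inspects one HTTP request line. Tokens are split on space, '?', '&' and
 * '='; within a token the function tracks its length and the longest run of
 * identical bytes (a crude proxy for the padding an overflow payload needs). */
enum verdict inspect_request(const char *req)
{
    size_t token_len = 0;
    size_t run = 0;
    int prev = -1;                 /* -1: no previous byte in this token */

    for (const unsigned char *p = (const unsigned char *)req; *p; p++) {
        if (*p == ' ' || *p == '?' || *p == '&' || *p == '=') {
            token_len = 0;         /* delimiter: start a new token */
            run = 0;
            prev = -1;
            continue;
        }
        if (++token_len > MAX_TOKEN_LEN)
            return SUSPICIOUS_LENGTH;
        if (*p == prev) {
            if (++run >= MAX_RUN_LEN)
                return SUSPICIOUS_RUN;
        } else {
            prev = *p;
            run = 1;
        }
    }
    return ALLOW;
}

const char *verdict_name(enum verdict v)
{
    switch (v) {
    case SUSPICIOUS_LENGTH: return "block: oversized token";
    case SUSPICIOUS_RUN:    return "block: long repeated-byte run";
    default:                return "allow";
    }
}

/* Builds "<prefix><count x fill><suffix>" into out for the demo traffic.
 * Returns 0 on success, -1 if the result would not fit in out_size bytes. */
int build_request(char *out, size_t out_size, const char *prefix,
                  char fill, size_t count, const char *suffix)
{
    size_t lp = strlen(prefix), ls = strlen(suffix);
    if (lp + count + ls + 1 > out_size)
        return -1;
    memcpy(out, prefix, lp);
    memset(out + lp, fill, count);
    memcpy(out + lp + count, suffix, ls + 1);   /* includes the NUL */
    return 0;
}

int main(void)
{
    char padded[1024];
    const char *samples[3];

    /* Constructed sample traffic: two ordinary lines and one padded one. */
    samples[0] = "GET /index.html?user=alice&page=2 HTTP/1.1";
    if (build_request(padded, sizeof padded, "GET /page?id=", 'A', 80, " HTTP/1.0") != 0)
        return 1;
    samples[1] = padded;
    samples[2] = "POST /login HTTP/1.1";

    for (size_t i = 0; i < 3; i++)
        printf("%.60s%s -> %s\n", samples[i], strlen(samples[i]) > 60 ? "..." : "",
               verdict_name(inspect_request(samples[i])));
    return 0;
}
```

Length and repetition checks are cheap and catch the crude payloads the page has in mind, but they are heuristics: legitimate traffic with long tokens (encoded tokens, base64 blobs) will need allow-listing, which is why the perimeter is one layer and the memory-managed platform the page recommends is the one that removes the bug class.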

Generic Framework Solution

The framework should be built on a memory-managed platform which prohibits direct memory access.

Custom Framework Solution

None

Custom Code Solution

None

Discussion / Controversy

Even if the overhead of a managed platform costs a few extra CPUs, the cost is vanishingly small compared to the extra cost of code review and testing required to ensure that the application is secure against buffer overflow bugs.
