Buffer Overflow Final Draft
Abstract—Heap-based buffer overflows, a critical class of software vulnerability, arise when a program writes beyond the bounds of a heap allocation, leading to data corruption, crashes, or execution of attacker-controlled code. This paper investigates their root causes, forms, attack techniques, prevention strategies, and mitigation techniques, emphasizing robust design and secure coding practices.

Introduction

Heap-based buffer overflows occur when a program writes beyond the boundaries of memory it obtained from a dynamic allocator (for example, malloc), compromising the integrity of neighbouring heap data. Unlike stack-based overflows, which corrupt local variables, saved registers, and return addresses, heap-based overflows corrupt other dynamically allocated objects and the allocator's own bookkeeping metadata. Defenses such as Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) [1, 2] have raised the cost of exploitation, but heap-based overflows remain a significant threat.

Heap-Based Buffer Overflows: A Deep Dive

Heap-based overflows manifest in various forms, including overwriting pointers stored in adjacent objects, corrupting the allocator's chunk metadata, and heap spraying, in which the attacker fills the heap with controlled data so that a corrupted pointer is likely to land on attacker-chosen content. These can lead to data corruption, disclosure of memory contents, or arbitrary code execution. Notable attacks exploiting heap-based overflows include [Insert specific examples].

Prevention and Mitigation

Robust input validation, bounds checking on every copy into a heap buffer, and secure coding are essential. Modern compilers and memory-safe languages offer further safeguards. Compiler and operating system defenses such as stack canaries, ASLR, and DEP raise the cost of exploitation, although canaries protect the stack rather than the heap, and ASLR and DEP do not stop the overflow itself, only its exploitation. Address sanitizers and fuzzing tools aid in finding overflows before release. DEP prevents injected data from being executed as code, and Control Flow Integrity (CFI) restricts the targets an indirect branch may reach through a corrupted pointer, blocking much of the code-reuse that DEP alone leaves open. Hovstad and Schaumont [5] emphasize the software development lifecycle's role in addressing security vulnerabilities, including heap-based overflows; incorporating security practices throughout development is essential.

Conclusion

Heap-based buffer overflows persist as a significant threat. A layered security approach, combining prevention, detection, and response, is crucial. Keeping systems patched and staying current with newly disclosed vulnerabilities and emerging threats are essential for system protection.

References

1. PaX Team (2001). PaX: A Linux kernel patch for better security. In Proceedings of the 10th USENIX Security Symposium. USENIX Association.
2. Microsoft (2003). Data Execution Prevention (DEP). Microsoft Developer Network.
3. Howard, M., & LeBlanc, D. (2002). Writing Secure Code. Microsoft Press.
4. Chen, Y., & Wu, X. (2017). A survey of buffer overflow attacks and defense techniques. Journal of Information Security and Applications, 34, 1-14.
5. Hovstad, R., & Schaumont, P. (2005). Secure software development lifecycle. IEEE Security & Privacy, 3(6), 36-44.
6. CWE (Common Weakness Enumeration). CWE-122: Heap-based Buffer Overflow. https://cwe.mitre.org/data/definitions/122.html
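Appendix: Worked Example

The following C program is an added illustration, not code from the paper or from any project it cites. It shows the "overwriting object pointers" form of heap overflow from the Deep Dive section beside the bounds check the Prevention section calls for. The session structure, the tiny bump allocator, and all function names are hypothetical; the allocator exists only so that the two objects are guaranteed to be adjacent on every run, which a production allocator does not promise (though adjacent same-size chunks are common, and that is what attackers rely on).

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* A session object as it might live on the heap: a fixed-size name
 * followed by a function pointer called when the session is closed. */
struct session {
    char name[16];
    void (*on_close)(struct session *);
};

/* Hypothetical bump allocator over one malloc'd block. It only guarantees
 * that consecutive allocations are adjacent, so the layout is deterministic. */
struct arena {
    unsigned char *base;
    size_t used, cap;
};

static int arena_init(struct arena *a, size_t cap) {
    a->base = malloc(cap);
    a->used = 0;
    a->cap = cap;
    return a->base ? 0 : -1;
}

static void *arena_alloc(struct arena *a, size_t n) {
    if (a->cap - a->used < n) return NULL;
    void *p = a->base + a->used;
    memset(p, 0, n);
    a->used += n;
    return p;
}

static void close_quietly(struct session *s) { (void)s; }

/* Vulnerable setter: trusts the caller and copies the whole input.
 * The copy runs through a byte pointer, as a hand-rolled strcpy would,
 * so nothing stops it at the end of the 16-byte field (CWE-122). */
static void set_name_unchecked(struct session *s, const char *src) {
    size_t len = strlen(src);
    unsigned char *dst = (unsigned char *)s + offsetof(struct session, name);
    for (size_t i = 0; i <= len; i++)      /* <= copies the terminator too */
        dst[i] = (unsigned char)src[i];
}

/* Hardened setter: refuses input that does not fit with its terminator.
 * Refusing beats silent truncation, which can desynchronise the stored
 * value from what was validated. */
static int set_name_checked(struct session *s, const char *src) {
    size_t len = strlen(src);
    if (len >= sizeof s->name) return -1;
    memcpy(s->name, src, len + 1);
    return 0;
}

/* Two adjacent sessions: first->name, first->on_close, second->name,
 * second->on_close laid out back to back. */
static int setup_pair(struct arena *a, struct session **first, struct session **second) {
    if (arena_init(a, 4096) != 0) return -1;
    *first = arena_alloc(a, sizeof **first);
    *second = arena_alloc(a, sizeof **second);
    (*first)->on_close = close_quietly;
    (*second)->on_close = close_quietly;
    return 0;
}

/* Constructed attacker input: 48 'A's, three times the size of name[]. */
static const char ATTACK[] = "AAAAAAAA" "AAAAAAAA" "AAAAAAAA"
                             "AAAAAAAA" "AAAAAAAA" "AAAAAAAA";

/* Returns 1 if the oversized name overwrote the neighbour's on_close. */
int overflow_corrupts_neighbor(void) {
    struct arena a;
    struct session *first, *second;
    if (setup_pair(&a, &first, &second) != 0) return -1;
    set_name_unchecked(first, ATTACK);
    int corrupted = (second->on_close != close_quietly);   /* now 0x4141... */
    free(a.base);
    return corrupted;
}

/* Returns 1 if the checked setter refused the input and left the neighbour intact. */
int bounds_check_protects_neighbor(void) {
    struct arena a;
    struct session *first, *second;
    if (setup_pair(&a, &first, &second) != 0) return -1;
    int rc = set_name_checked(first, ATTACK);
    int intact = (rc == -1) && (second->on_close == close_quietly)
                 && (first->name[0] == '\0');
    free(a.base);
    return intact;
}

/* The checked setter still accepts names that fit. Returns 1 on success. */
int checked_accepts_short_name(void) {
    struct session s;
    memset(&s, 0, sizeof s);
    return set_name_checked(&s, "alice") == 0 && strcmp(s.name, "alice") == 0;
}

int main(void) {
    printf("unchecked copy corrupts neighbour: %d\n", overflow_corrupts_neighbor());
    printf("checked copy protects neighbour:   %d\n", bounds_check_protects_neighbor());
    return 0;
}
```

Calling the corrupted on_close would transfer control to 0x4141414141414141, which is the step DEP, ASLR, and CFI are designed to frustrate; the bounds check removes the corruption before any of those layers are needed. Because the overflow here stays inside one real malloc'd block, AddressSanitizer will not flag it; give each session its own malloc call instead of the arena and build with -fsanitize=address to see the first out-of-bounds byte reported, which is the detection role the Prevention section assigns to sanitizers.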