From the course: CISSP Cert Prep (2021): 3 Security Architecture and Engineering

Unlock the full course today

Join today to access over 22,500 courses taught by industry experts or purchase this course individually.

Overflow attacks

Overflow attacks

- [Instructor] When software engineers develop applications, they often set aside specific portions of memory to contain variable content. Users often provide answers to questions that are critical to the application's functioning, and fill those memory buffers. If the developer fails to check that the input provided by the user is short enough to fit in the buffer, a buffer overflow occurs. The user content may overflow from the area reserved for input into an area used for other purposes, and unexpected results may take place. The easiest way to show this is with an example, so let's go back to WebGoat. You can see here that we have an application handling wifi charges for hotel rooms. I'm also going to start up the ZAP proxy, and then run through this page. I'm going to go ahead and enter my name and a hotel room number, and then press Submit. Here I am now in the ZAP proxy, which has intercepted my request.…

Contents