From the course: Threat Modeling: Denial of Service and Elevation of Privilege


Ways to defend against EOP


- [Instructor] What makes input trustworthy? When it's immutable strings compiled into the code, it's trustworthy; nothing else is. By definition, immutable variables can be modified by someone. If those someones are outside your trust boundaries, they may gain privileges to get things done by modifying your input, modifying your configuration files, your environment variables, your DNS, or anything else that they can. To defend against these attacks, we have a set of defenses, including validation, paranoid parsing, and attenuation by your code; type safety and memory design at the compiler and operating system level; and sandboxes and other isolation techniques at the operating system or deployment level. Some of these defenses fall on the developer writing the code, others on the architects selecting languages and environments. Yet others are choices that can be made by operations to buttress those defenses and provide…
