From the course: Threat Modeling: Denial of Service and Elevation of Privilege
Unlock the full course today
Join today to access over 22,400 courses taught by industry experts or purchase this course individually.
Ways to defend against EOP
From the course: Threat Modeling: Denial of Service and Elevation of Privilege
Ways to defend against EOP
- [Instructor] What makes input trustworthy? When it's immutable strings compiled into the code, it's trustworthy, nothing else is. By definition immutable variables can be modified by someone. If those someones are outside your trust boundaries, they may gain privileges to get things done by modifying your input, modifying your configuration files, your environment variables, your DNS or anything else that they can. To defend against these attacks, we have a set of defenses including validation, paranoid parsing and attenuation by your code, type safety and memory design at the compiler and operating system level and sandboxes and other isolation techniques at the operating system or deployment level. Some of these defenses fall on the developer writing the code, others on the architects selecting languages and environments. Yet others are choices that can be made by operations to buttress those defenses and provide…
Contents
-
-
-
-
-
-
-
-
Ways to defend against EOP1m 10s
-
Validation to defend against elevation1m 32s
-
Validate for purpose to prevent elevations1m 56s
-
Validation not sanitization for defense1m 13s
-
Attenuation in defense2m 14s
-
Memory safety as a defensive tool2m 1s
-
Stack canaries to protect your code2m 20s
-
Sandboxes and isolation protect your environment2m 8s
-
Bolt-on or built-in defenses1m 26s
-
-