Advanced Software Vulnerability Assessment: Techniques & Tools for Uncovering Flaws, Slides of Computer Networks

An in-depth exploration of vulnerability assessment methodologies and techniques, focusing on the identification of dangerous library functions, bounded memory copies, off-by-one errors, underflow issues, pointer arithmetic, looping constructs, miscalculations, union mismanagement, and subtle trust relationships. It covers various tools and editors, such as vim, emacs, pico, source navigator, cscope, cqual, cvsweb, and automated auditing tools. The document also discusses the importance of understanding signed and unsigned integers, different sized integers, and integer wrapping.

Typology: Slides

2011/2012

Uploaded on 11/09/2012 by bacha

Advanced Software Vulnerability Assessment

The art and science of uncovering subtle flaws in complex software…

Overview

A multitude of contemporary documentation addresses security vulnerability exploitation in depth, yet none of it addresses the methodology and techniques of vulnerability assessment thoroughly, if at all.

• Vulnerability classes and identification.

• Methodology of assessment.

• Tools of the trade.

Methodology

• Top down methodology.

• Bottom up methodology.

• Hybrid approach.

Top down approach

Start at the entry point and follow all code paths.

Pros:

• Complete coverage of the codebase.

• In depth understanding of the application functionality.

Cons:

• Very tedious and time consuming.

• Sometimes not feasible.

• Potential waste of resources.

Hybrid approach

• Incorporates elements from both top down and bottom up methodologies effectively, according to the requirements.

• Attempts to gain the advantages offered by the previous methods.

• Attempts to maximize results with a minimal amount of resources.

• Streamlines the process and eliminates or reduces the impact of the disadvantages of the previous approaches.

• Targets the critical code paths and analyzes them in depth while still maintaining a sufficient level of overall analysis.

Tracking

• Tracking execution states is a helpful addition to the methodologies described.

• Requirements definition.

• Desk checking.

• Following and reverse engineering the programmer's logic and, often, making educated guesses about the programmer's style of thinking.

Editors

• VIM:
    Syntax highlighting
    Bracket matching
    Tags

• EMACS

• PICO

Source Browsers

• Source Navigator

• Cscope:

1. Recursively search.

2. Find any symbol definition, or use.

3. Function calls, or functions called.

4. Plugins.

• Cbrowser

Miscellaneous

• CVSWeb

Dangerous functions.

• Unbounded memory copies such as strcpy(), strcat(), etc.

• Bounded memory copy functions.

Remaining length issue.

    char buf[1024];
    strcpy(buf, "user entered: ");
    strncat(buf, user_data, sizeof(buf));   /* bound is the whole buffer, not the space left after the prefix */

Off-by-one.

    char buf[1024];
    strcpy(buf, "user entered: ");
    strncat(buf, user_data, sizeof(buf) - strlen(buf));   /* leaves no room for the terminating NUL: one byte too many */
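Added example, not code from the slides: it puts the two strncat() fragments above beside the corrected bound. append_bounded() is the fix, slide_variant_overflow() computes (rather than executes) how many bytes each variant writes past buf for an oversized user_data, and demo_final_length() is a constructed driver; the function names and the 2000-byte input are assumptions.

```c
#include <stdlib.h>
#include <string.h>

#define BUF_SIZE 1024               /* the slides' char buf[1024] */
#define PREFIX   "user entered: "   /* the slides' prefix: 14 characters */

/* Corrected form of the slides' strncat(): the bound is the space left in
 * dst minus one byte for the NUL that strncat always writes.
 * Returns 1 if all of src fitted, 0 if it was truncated. */
int append_bounded(char *dst, size_t cap, const char *src)
{
    size_t used = strlen(dst);
    if (used >= cap)                /* dst is not NUL-terminated: refuse */
        return 0;
    size_t room = cap - 1 - used;
    strncat(dst, src, room);
    return strlen(src) <= room;
}

/* Bytes each slide variant writes past the end of buf for a src_len-byte
 * user_data, computed rather than executed (running them corrupts the
 * stack). strncat appends min(src_len, n) bytes plus a NUL to the prefix.
 * 1: n = sizeof(buf); 2: sizeof(buf) - strlen(buf); 3: the corrected bound. */
size_t slide_variant_overflow(int variant, size_t src_len)
{
    size_t p = strlen(PREFIX), n;
    switch (variant) {
    case 1:  n = BUF_SIZE;         break;   /* ignores the prefix already in buf */
    case 2:  n = BUF_SIZE - p;     break;   /* leaves no room for the NUL */
    default: n = BUF_SIZE - p - 1; break;   /* remaining length, NUL included */
    }
    size_t copied = src_len < n ? src_len : n;
    size_t total  = p + copied + 1;         /* prefix + copied bytes + NUL */
    return total > BUF_SIZE ? total - BUF_SIZE : 0;
}

/* Fills the slides' buffer with a constructed src_len-byte string of 'A's
 * through append_bounded() and returns strlen(buf): never above BUF_SIZE - 1. */
size_t demo_final_length(size_t src_len)
{
    char buf[BUF_SIZE];
    char *src = malloc(src_len + 1);
    if (src == NULL) return 0;
    memset(src, 'A', src_len);          /* constructed oversized input */
    src[src_len] = '\0';
    strcpy(buf, PREFIX);
    append_bounded(buf, sizeof buf, src);
    free(src);
    return strlen(buf);
}
```

With a 2000-byte input the first variant overruns buf by 15 bytes and the second by exactly one, which is the off-by-one the slide names.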

Pointer Arithmetic.

• Looping Constructs.

• Miscalculations.

• Off-by-one errors.

Looping constructs: ntpd

    while (cp < reqend && isspace(*cp))
        cp++;
    if (cp == reqend || *cp == ',') {
        buf[0] = '\0';
        *data = buf;
        if (cp < reqend)
            cp++;
        reqpt = cp;
        return v;
    }
    if (*cp == '=') {
        cp++;
        tp = buf;
        while (cp < reqend && isspace(*cp))
            cp++;
        while (cp < reqend && *cp != ',')   // here is the problem: the copy into buf is bounded by the end of the request, not by the size of buf
            *tp++ = *cp++;
        if (cp < reqend)
            cp++;
        *tp = '\0';
        while (isspace(*(tp - 1)))
            *(--tp) = '\0';
        reqpt = cp;
        *data = buf;
        return v;
    }