Search the web and report on at least four recent (within last five years) buffer overflow attacks or SQL injection. Explain the attacks in two to three pages using your own words.

INSTRUCTIONS TO CANDIDATES

ANSWER ALL QUESTIONS

CPIS 605 – Software Security

Objective: Understand the stack smashing buffer exploit thoroughly.

1.      From the paper “Smashing the stack for fun and profit” by Alephone do the following (10%)

1. Download the article by Aleph One (see References). You will be extracting the source code of c and exploit4.c files from it.
2. Improve the code of c and exploit4.c so that there are no warning messages from gcc even after using the flags as in gcc -ansi -pedantic -Wall.
3. Reduce the size of their compiled binaries by at least 5% as seen by the size command when exactly the same flags are used in the compilation. Make sure no functionality is lost. Do not just remove printf's. Do not use gcc optimization
4. Login as a non-root user. Verify that the exploit still works on the vulnerable program. (It may not!)
5. Turn in a report but also with answers to the questions below, and thoroughly describing your changes, and how you verified that there was no loss of functionality. Include properly indented versions of your exploit[34].c Use indent -kr.
6. Answer the question: What is the "environment"?
7. Answer the question: Why does c run system("/bin/bash") at the end of main()?

2. Search the web and report on at least four recent (within last five years) buffer overflow attacks or SQL injection. Explain the attacks in two to three pages using your own words. (10%)

Related Questions

. The fundamental operations of create, read, update, and delete (CRUD) in either Python or Java

CS 340 Milestone One Guidelines and Rubric  Overview: For this assignment, you will implement the fundamental operations of create, read, update,

. Develop a program to emulate a purchase transaction at a retail store. This  program will have two classes, a LineItem class and a Transaction class

Retail Transaction Programming Project  Project Requirements:  Develop a program to emulate a purchase transaction at a retail store. This

. The following program contains five errors. Identify the errors and fix them

7COM1028   Secure Systems Programming   Referral Coursework: Secure

. Accepts the following from a user: Item Name Item Quantity Item Price Allows the user to create a file to store the sales receipt contents

Create a GUI program that:Accepts the following from a user:Item NameItem QuantityItem PriceAllows the user to create a file to store the sales receip

. The final project will encompass developing a web service using a software stack and implementing an industry-standard interface. Regardless of whether you choose to pursue application development goals as a pure developer or as a software engineer

CS 340 Final Project Guidelines and Rubric  Overview The final project will encompass developing a web service using a software stack and impleme