Buffer overflow detection technique

5 pts.
Tags:
Buffer overflow
Computer programming
Security
which is the best buffer overflow detection technique?
ASKED: November 9, 2010  7:10 AM
UPDATED: October 29, 2013  7:47 PM

Answer Wiki

Thanks. We'll let you know when a new response is added.

A buffer overflow is an anomaly where a program, while writing data to a buffer, overruns the buffer’s boundary and overwrites adjacent memory. There are several techniques:
1. NOP sled technique: A NOP-sled is the oldest and most widely known technique for successfully exploiting a stack buffer overflow. It solves the problem of finding the exact address of the buffer by effectively increasing the size of the target area.
2. The jump to address stored in a register technique: This technique allows for reliable exploitation of stack buffer overflows without the need for extra room for a NOP-sled and without having to guess stack offsets.
3. Choice of programming language: The choice of programming language can have a profound effect on the occurrence of buffer overflows.
4. Use of safe libraries: The problem of buffer overflows is common in the C and C++ languages. So try to use HLL which helps to overcome this kind of problems.
5. Pointer protection: Buffer overflows work by manipulating pointers.

Hope this info helps you!

———

Actually, the first two techniques mentioned above, are techniques <b>to exploit</b> a buffer overflow vulnerability, while the other 3 are protective countermeasures.

Read the complete (and correct) information on SearchSecurity.
———

Also check this paper out it has some executable files mentioned that help detect and monitor overflows and some open source solutions. This also goes a little more in-depth as to what programs are vulnerable and why.

Discuss This Question:  

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following