Buffer Overflow Defenses. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle.
http://sfsecurity.pr.erau.edu.
Better Software Engineering Practices - Testing
•Pros:
–Good testing practices should catch most buffer overflows
•Cons:
–Time is money; sometimes it is more economically sound to allow buffer overflows than to find them
–When using vendor software, you can’t white-box test software that you don’t have the source code or the documentation for
–Data corruption is harder to detect than abnormal program behavior without dynamic analysis tools
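
The last point, as an added example that is not part of the original slides: an overrun that corrupts a neighbouring field passes a test that only watches program behavior, and fails only when the test also checks a guard word, a simple stand-in for the kind of check a dynamic analysis tool automates. The struct, function names and values are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define GUARD_VALUE 0xA5A5A5A5u

/* Constructed record: a fixed buffer followed directly by other data. */
struct account {
    char     name[8];
    uint32_t guard;    /* known value the test harness places after the buffer */
    uint32_t balance;
};

/* Hypothetical buggy routine: trusts len instead of sizeof(name).
 * Bytes are written through a pointer to the whole struct so the demo
 * stays well-defined C while modelling the overrun. */
static int set_name(struct account *a, const char *src, size_t len)
{
    unsigned char *dst = (unsigned char *)a;
    if (len > sizeof *a)           /* keep the demo inside the object */
        len = sizeof *a;
    for (size_t i = 0; i < len; i++)
        dst[i] = (unsigned char)src[i];
    return 0;                      /* always reports success, no crash */
}

/* Behavioral test: only looks at the return value. */
static int behaviour_test_passes(const char *input, size_t len)
{
    struct account a = { "", GUARD_VALUE, 100 };
    return set_name(&a, input, len) == 0;
}

/* Corruption-aware test: also checks the guard word and the next field. */
static int integrity_test_passes(const char *input, size_t len)
{
    struct account a = { "", GUARD_VALUE, 100 };
    set_name(&a, input, len);
    return a.guard == GUARD_VALUE && a.balance == 100;
}

int main(void)
{
    const char in[] = "AAAAAAAAAAAA";   /* constructed 12-byte input */
    /* Exit status 0 when the behavioral test passes but integrity fails. */
    return !(behaviour_test_passes(in, 12) && !integrity_test_passes(in, 12));
}
```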