•Author: Jedidiah R. Crandall, crandaj@erau.edu
•Distributed: 14 July 2002
•Embry-Riddle Aeronautical University in Prescott, AZ
•NSF Grant for Interactive Security Education Modules
•This document is a segment of a larger package of materials on buffer overflow vulnerabilities, defenses, and software practices. Also available are:
–Demonstrations of how buffer overflows occur (Java applets)
–PowerPoint lecture-style presentations on preventing buffer overflows (for C programmers), various defenses against buffer overflow attacks, and a case study of Code Red
–Checklists and Points to Remember for C Programmers
–An interactive module and quiz set with alternative paths for journalists/analysts and IT managers as well as programmers and testers
–A scavenger hunt on implications of the buffer overflow vulnerability
•telling us how you used this material and suggestions for improvements.