WARNING: This site is intended for online use only; mass-downloading of pages degrades the server and is prohibited.
If you attempt to use tools to mass-download the site, you may be blocked permanently by automated software.
If you want to read this CertiGuide offline, please use one of the links on the left to purchase a convenient PDF copy. Thank you.

Get this Security+ CertiGuide for your own computer.
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Also available: 300-question Security+ practice test!
Get It Here!

Custom Search






Table Of Contents  CertiGuide to Security+
 9  Chapter 1:  General Security Concepts (Domain 1.0; 30%)
      9  1.4  Attacks

Previous Topic/Section
1.4.11.2  Dictionary
Previous Page
Pages in Current Topic/Section
1
Next Page
 Buffer Overflows
Next Topic/Section

1.4.12  Software Exploitation

Software is written by humans, and thus tends to be imperfect. In the quest to “ship” a product, or “go into production” with an in-house application, corners are cut and long hours are put in, and “bugs” (or flaws) tend to creep into programs unintentionally. Crackers can exploit some of these bugs.

A later section looks at code deliberately designed for a malicious purpose. This section looks at code that wasn’t meant to be a security problem, but which someone figured out how to use, to cause trouble.

Software exploitation often involves subjecting a program to an unusual condition it doesn’t handle well – such as sending an excessively large amount of data to the program, sending data of an unanticipated type (say, something that looks like an OS command or program statement rather than a last name), running the program while the system’s disk space is full, or running the program with some strange setting (used by the program) in the user’s login “environment”.

Quick navigation to subsections and regular topics in this section



Previous Topic/Section
1.4.11.2  Dictionary
Previous Page
Pages in Current Topic/Section
1
Next Page
 Buffer Overflows
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $


Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.