Exploring Ethical Hacking and Buffer Overflow Defenses

Verified

Added on 2020/05/08

AI Summary

The report provides an in-depth analysis of ethical hacking with a focus on buffer overflow attacks—a prevalent vulnerability where programs fail due to improper memory handling for input strings. It outlines the risks such as unauthorized system access and data integrity compromise, while proposing remedial actions like input validation and secure coding practices. Additionally, it explores how buffer overflow exploits are developed, emphasizing stack-based over heap-based methods, thereby equipping systems against these threats.

Running head: ETHICAL HACKING AND DEFENCE
Ethical Hacking And Defence
Name of the Student
Name of the University
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1ETHICAL HACKING AND DEFENCE
Executive Summary
This report looks into the aspect of ethical hacking, also regarded as penetration testing is the process though
which weaknesses are located in computer and information systems, by way of duplicating the intent and actions
of malicious hackers. An ethical hacker is a security professional who implements the hacking skills as a way of
defence on behalf of the owners of financial systems.

2ETHICAL HACKING AND DEFENCE
Table of Contents
1. Introduction.............................................................................................................................................................3
2. Discussion...............................................................................................................................................................3
2.1 Risks And Remediation Advice........................................................................................................................3
2.2 How the exploit was developed........................................................................................................................4
3. Conclusion...............................................................................................................................................................4
4. References...............................................................................................................................................................5

3ETHICAL HACKING AND DEFENCE
1. Introduction
Ethical hacking is a way through which weaknesses and vulnerabilities are located in computer systems
and other information technology infrastructures and buffer overflow is a part of this concept. This report is aimed
to look into the risks associated with Buffer Overflow attack, which leads to a failure in program either while
allocating sufficient memory for an input string or while testing the length of a string, if they are within the valid
range (Bishop et al., 2012). This is where the hacker takes advantage of the loophole through submission of a
larger input to the program meant to allocate buffer input and modify the close variables, resulting in the program
to hop on to unintended places or even get the program’s instructions replaced by the arbitrary code. The risks and
remedial measures are discussed along with the detailing of how the exploit was developed.
2. Discussion
2.1 Risks And Remediation Advice
There are several kinds of buffer overflows, most popular ones being Heap Buffer Overflow and Format
String Attack. The risks associated with this kind of attack are:
a) They target the input fields of web servers, web applications and desktop applications, leading to the
systems getting crashed.
b) Buffer overflows allow attackers to get hold of the systems, take control through unauthorized access
(Chen et al., 2013).
c) Compromise the integrity of original data
In spite of these risks, there are certain remedial measures, which can help protect the systems from
getting attacked by Buffer Overflow. Some of the measures are as follows:
i) Validation of all input data can help prevent systems from getting attacked by the problems of Buffer
Overflow.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4ETHICAL HACKING AND DEFENCE
ii) Checking Bounds can help prevent buffer overflows though this requires extra code and processing
time.
iii) An effective way to avoid the problem of buffer overflow is by coding in a safe and secured manner.
Security has to be kept in mind while designing an application.
iv) Usage of safe libraries is another way to detect any attempt to run illegal and irrelevant code on the
stack. Libsafe Library is an example of a safe library which finds a way of protecting calls to these functions by
interchanging the unsafe functions that are implemented in the shared glibc library with safer versions ( Fouque,
Leresteux & Valette, 2012).
2.2 How the exploit was developed?
Buffer Overflow is an exploit which takes benefit of a program that lies on a user’s input. There are two
main types of buffer overflow attacks, heap based and stack based. Stack based attack is a more common attack as
compared to Heap based attack. Heap based attack is not common due to the complexity involved with them. In a
stack-based buffer overrun, the program which gets exploited uses a memory object known as stack to store user
input (Fu & Shi, 2012). During that situation, a return memory address is written to the stack by the program and
input of the user is placed on that. Through processing of the stack, the input of the user gets sent return address
mentioned by the program.
3. Conclusion
Through this report, the mechanism of buffer overflow attack, what leads to the attack, how the
preventing measures can be implemented, has been discussed. Abiding by the mentioned steps and measures
would help avoid computer systems from getting exploited by the menace of Buffer Overflow.

5ETHICAL HACKING AND DEFENCE
4. References
Bishop, M., Engle, S., Howard, D., & Whalen, S. (2012). A taxonomy of buffer overflow characteristics. IEEE
Transactions on dependable and secure computing, 9(3), 305-317.
Chen, G., Jin, H., Zou, D., Zhou, B. B., Liang, Z., Zheng, W., & Shi, X. (2013). Safestack: Automatically
patching stack-based buffer overflow vulnerabilities. IEEE Transactions on Dependable and Secure
Computing, 10(6), 368-379.
Fouque, P. A., Leresteux, D., & Valette, F. (2012, March). Using faults for buffer overflow effects.
In Proceedings of the 27th Annual ACM Symposium on Applied Computing (pp. 1638-1639). ACM.
Fu, D., & Shi, F. (2012, November). Buffer overflow exploit and defensive techniques. In Multimedia Information
Networking and Security (MINES), 2012 Fourth International Conference on (pp. 87-90). IEEE.