Secure Coding - Secure Coding Course


This topic contains 1 reply, has 2 voices, and was last updated by  MPLCB 2 years, 2 months ago.

Viewing 2 posts - 1 through 2 (of 2 total)
    #84721

    pradnya wagh
    Participant

    Secure coding is the practice of developing computer software in a way that guards against the accidental introduction of security vulnerabilities. Defects, bugs and logic flaws are consistently the primary cause of commonly exploited software vulnerabilities. Through the analysis of thousands of reported vulnerabilities, security professionals have discovered that most vulnerabilities stem from a relatively small number of common software programming errors. By identifying the insecure coding practices that lead to these errors and educating developers on secure alternatives, organizations can take proactive steps to help significantly reduce or eliminate vulnerabilities in software before deployment.
    Buffer overflows, a common software security vulnerability, happen when a process tries to store data beyond a fixed-length buffer. The overflowed data may overwrite other data which can result in a security vulnerability (stack smashing) or program termination (segmentation fault).

    An example of a C program prone to a buffer overflow is

    #include <string.h>
    #define SMALL 16

    void vulnerable_function(char * user_input) {
        char dst[SMALL];
        /* unbounded copy: overflows dst as soon as user_input is longer than SMALL - 1 */
        strcpy(dst, user_input);
    }
    If the user input is larger than the destination buffer, a buffer overflow will occur. To fix this unsafe program, use strncpy to prevent a possible buffer overflow.

    #include <string.h>
    #define BUF_SIZE 16

    void secure_function(char * user_input) {
        char dst[BUF_SIZE];
        /* copy a maximum of BUF_SIZE - 1 bytes; strncpy writes no terminator
           when the input fills the buffer, so add one explicitly */
        strncpy(dst, user_input, BUF_SIZE - 1);
        dst[BUF_SIZE - 1] = '\0';
    }
    Another secure alternative is to dynamically allocate memory on the heap using malloc.

    #include <stdlib.h>
    #include <string.h>

    /* returns a heap copy of src sized to fit it; the caller must free it */
    char * secure_copy(char * src) {
        size_t len = strlen(src);
        char * dst = (char *) malloc(len + 1);
        if(dst != NULL){
            strncpy(dst, src, len);
            //append null terminator
            dst[len] = '\0';
        }
        return dst;
    }
    In the above code snippet, the program attempts to copy the contents of src into dst, while also checking the return value of malloc to ensure that enough memory was able to be allocated for the destination buffer.
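
The three copies discussed in the post above, carried through as an added example (this is not code from the original post or from the course): it shows why a bare strncpy(dst, src, BUF_SIZE) is not yet a fix, since it leaves no terminator when the input fills the buffer, beside a bounded copy that always terminates and reports truncation, and a heap copy sized from its input. BUF_SIZE, safe_copy, dup_copy and the demo_* helpers are names chosen here, not from the course material.

```c
/*
 * Added example, not from the original post: the strncpy pitfall, a bounded
 * copy that always terminates, and a heap copy sized from its input.
 * BUF_SIZE, safe_copy, dup_copy and the demo_* helpers are names chosen here.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SIZE 8   /* deliberately tiny so truncation is easy to trigger */

/* strncpy exactly as the post uses it. Returns 1 if dst is NUL-terminated
 * within BUF_SIZE afterwards, 0 if not: strncpy writes no terminator when
 * src has BUF_SIZE or more characters, so a later strlen/printf over-reads. */
int strncpy_leaves_terminator(const char *src) {
    char dst[BUF_SIZE];
    memset(dst, 'X', sizeof dst);              /* stand in for stale stack bytes */
    strncpy(dst, src, BUF_SIZE);
    return memchr(dst, '\0', BUF_SIZE) != NULL;
}

/* Bounded copy that never overflows and always terminates.
 * Returns 1 on a complete copy, 0 when src had to be truncated,
 * -1 on a NULL pointer or a zero-sized destination. */
int safe_copy(char *dst, size_t dst_size, const char *src) {
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    /* Look for the terminator only within dst_size bytes of src, so an
     * unterminated or huge input is never scanned past what we can hold. */
    const char *end = memchr(src, '\0', dst_size);
    if (end == NULL) {                         /* src does not fit: truncate */
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return 0;
    }
    memcpy(dst, src, (size_t)(end - src) + 1); /* +1 copies the NUL too */
    return 1;
}

/* Heap copy sized from the input, as in the post's secure_copy, with a
 * NULL check on src and size_t for the length. Caller frees the result. */
char *dup_copy(const char *src) {
    if (src == NULL)
        return NULL;
    size_t len = strlen(src);
    char *dst = malloc(len + 1);
    if (dst == NULL)
        return NULL;
    memcpy(dst, src, len + 1);                 /* includes the terminator */
    return dst;
}

/* Demo helpers that return plain values so the behaviour can be checked. */
int demo_safe_copy_rc(const char *src) {
    char dst[BUF_SIZE];
    return safe_copy(dst, sizeof dst, src);
}

size_t demo_safe_copy_len(const char *src) {
    char dst[BUF_SIZE];
    if (safe_copy(dst, sizeof dst, src) < 0)
        return 0;
    return strlen(dst);                        /* safe: dst is always terminated */
}

int demo_dup_copy_matches(const char *src) {
    char *copy = dup_copy(src);
    int same = copy != NULL && strcmp(copy, src) == 0;
    free(copy);
    return same;
}

int main(void) {
    /* constructed sample inputs: one that fits, one exactly BUF_SIZE long, one longer */
    const char *inputs[] = { "short", "exactly8", "much longer than eight" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        printf("%-24s strncpy terminated=%d  safe_copy rc=%d len=%zu\n",
               inputs[i], strncpy_leaves_terminator(inputs[i]),
               demo_safe_copy_rc(inputs[i]), demo_safe_copy_len(inputs[i]));
    }
    return 0;
}
```

Compile with `cc -Wall example.c && ./a.out`. The "exactly8" input is the case to watch: it fits the eight-byte buffer, so strncpy copies it without overflowing, yet leaves no terminator, which is the defect the plain strncpy version in the post inherits. safe_copy is also the shape to prefer over strncpy in general: it reports truncation to the caller instead of silently dropping input, and it bounds the scan of the source so an unterminated input cannot cause an over-read.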

    #96897

    MPLCB
    Participant

    Hello,
    So far I am learning a lot from the “Secure Coding” course. However I don’t seem to find the lab session in Module 06 (Sensitive data Exposure). Try to fix that “bug” so that the tutorials flow.

    Keep up the good work!
