App Vulnerabilities + Controls
Why should we spend time learning about a weakness of lower-level languages if we can instead build projects in Java, Python, etc.?
C and C++ are two of the most popular languages and are used in many critical platforms: in most operating system kernels, in web and database servers like Microsoft SQL, MySQL, and Apache, and even in embedded systems such as cars, Mars rovers, industrial robotic arms, etc. Ignoring buffer overflow threats can, therefore, lead to dire consequences!
In what ways could a hacker exploit a buffer overflow?
- Steal private/confidential information.
- Corrupt variables of the current program, another program, or the operating system.
- Write malicious code into main memory and execute it.
In the C program on the previous slide, we read data beyond the defined array. Can a hacker also overwrite data?
Unfortunately, yes. This is how a hacker can add and run malicious code.