Source

24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them

Page Contents

OVERVIEW OF THE SIN
CWE REFERENCES
AFFECTED LANGUAGES
THE SIN EXPLAINED
SPOTTING THE SIN PATTERN
SPOTTING THE SIN DURING CODE REVIEW
TESTING TECHNIQUES TO FIND THE SIN
EXAMPLE SINS
REDEMPTION STEPS
EXTRA DEFENSIVE MEASURES
OTHER RESOURCES
SUMMARY

C++ CATASTROPHES

<anchor role="natural" id="p2001b4bf9980144"></anchor><emphasis role="bold">OVERVIEW OF THE SIN</emphasis> Errors in C++ are one of the newer types of attack. The actual attack mechanism is typically one of two variants on the same theme. The first is that a class may contain a function pointer. Microsoft Windows, Mac OS, and the X Window System APIs tend to pass around a lot of function pointers, and C++ is a common way to work with GUI (graphical user interface) code. If a class containing a function pointer can be corrupted, program flow can be altered. The second at…

Citation

Michael Howard; David LeBlanc; John Viega: 24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them. C++ CATASTROPHES, Chapter (McGraw-Hill Professional, 2010), AccessEngineering Export

Sign in

Request a Free Trial for Your Organization

Source

Page Contents

C++ CATASTROPHES

Please sign in to view the rest of this entry.

Citation