Linux Exploits & Mitigation: String Vulnerability Analysis

Overview/Description
Expected Duration
Lesson Objectives
Course Number
Expertise Level

---

Overview/Description

String vulnerabilities are at the core of a wide range of exploits. Being able to recognize, debug, and fix unsafe string manipulation code is essential to avoiding vulnerabilities. In this course, you'll explore how string code can be written safely and how strings vulnerabilities are exploited.

You'll look at the most common format string vulnerabilities in the C programming language and what it means to overflow a string buffer. You'll debug string exploits, including vulnerabilities introduced by common string output and manipulation functions. Next, you'll correct common errors, check strings for safety, loop over strings, and see what happens when unsafe strings are executed in a program. Finally, you'll describe how code can be injected via strings and how strings can be returned safely.

Expected Duration (hours)
1.2

Lesson Objectives

Linux Exploits & Mitigation: String Vulnerability Analysis

discover the key concepts covered in this course

describe how strings are exploited in computer programs

illustrate the weaknesses caused by string formatting methods

perform a string buffer overflow in a C program

apply flags to the gcc compiler to catch string weaknesses by converting warnings into errors

recognize and correct weaknesses introduced by poorly implemented string copies

recognize and correct common input string vulnerabilities

explore how generating command line string inputs can exploit insecure string methods

check input strings for validity and safety

perform loops over characters in a string in a safe manner

run programs that fail due to unsafe strings

describe how strings executed dynamically can lead to vulnerabilities

recognize safe and unsafe methods of returning strings in C

summarize the key concepts covered in this course

Course Number:
it_cylxexdj_03_enus

Expertise Level
Intermediate