D. A. Wheeler. Secure programming for Linux and Unix HOWTO v3.010. http://www.dwheeler.com/secure-programs/, March 2003.
....which they often do not. Many of these functions are powerful for handling strings and are therefore popular. More secure versions have in some cases been implemented but are not always known to programmers. There are lists of these dangerous C functions that are often involved in published buffer overflows [35, 30, 31]. From these lists we have chosen to take the fifteen functions considered most risky into our testbed:
1. gets(
2. cuserid(
3. scanf(
4. fscanf(
5. sscanf(
6. vscanf(
7. vsscanf(
8. ....
9. sprintf(
10. strcat(
11. strcpy(
12. streadd(
13. strecpy(
14. vsprintf(
15. strtrns(
....23 unsafe and 21 safe. BOON was only tested with buffer overflow vulnerabilities. 4 Comparison of Static Intrusion Prevention Tools. Our testbed contains 20 vulnerable functions chosen from ITS4's vulnerability database (categories RISKY to MOST RISKY), the Secure programming for Linux and UNIX HOWTO [35], and the whole [fvsn]printf( family (see sections 2.3 and 2.5 for a complete list). We do not claim that this test suite is perfectly fair, nor complete. But the sources from which we have chosen the vulnerabilities seem reasonable, and the test result will at least provide us with an interesting ....
David A. Wheeler. Secure programming for Linux and Unix HOWTO v2.89. http://www.dwheeler.com/secure-programs/, October 2001.
CiteSeer.IST - Copyright Penn State and NEC