

Inside the Buffer Overflow Attack: Mechanism, Method, & Prevention

Abstract
The objective of this study is to take one inside the buffer overflow attack and bridge the gap between the "descriptive account" and the "technically intensive account". The intent is to provide a logical, detailed, and technical explanation of the problem and the exploit that can be well understood by all, including those with little background in the mechanics and methodology of applications programming. We will begin by looking at the "problem" and the problem "mechanism", and then investigate the "means" and the "method". Based on what we find, we will conclude with recommendations, and a menu for "prevention". Hopefully this approach may also help bridge the gap between "knowledge" and "understanding". Although it may never be possible to purge the world of this security concern, it is certainly within the realm of possibility that the buffer overflow attack be reduced to a level of insignificance through true understanding.