1.4.12 Software Exploitation
Software is written by humans, and thus tends to be imperfect. In the quest to ship a product, or go into production with an in-house application, corners are cut and long hours are put in, and bugs (or flaws) tend to creep into programs unintentionally. Crackers can exploit some of these bugs.
A later section looks at code deliberately designed for a malicious purpose. This section looks at code that wasnt meant to be a security problem, but which someone figured out how to use, to cause trouble.
Software exploitation often involves subjecting a program to an unusual condition it doesnt handle well such as sending an excessively large amount of data to the program, sending data of an unanticipated type (say, something that looks like an OS command or program statement rather than a last name), running the program while the systems disk space is full, or running the program with some strange setting (used by the program) in the users login environment.
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.