Materials developed for CS2 focus on three important security vulnerabilities:

Integer errors

Integer errors can happen when assignments, mathematical operations, and external input lead to a result that is too large to fit within the range of values that can be stored in variables of a given data type. These errors can lead to loss of data due to overflow, truncation, or sign problems.

Injection module for: C++ Java
Answers (instructor access only): C++ Java
Security Injections 2.0 (demo) C++ Java

Input validation

Input validation vulnerabilities are caused by failure to verify that input data are within the right value range, contain the right data, or otherwise meet the appropriate specification.

Injection module for: C++ Java
Answers (instructor access only): C++ Java
Security Injections 2.0 (demo) C++ Java

Buffer overflow

Buffer overflow involves writing a value outside the boundaries of a bounded, static-size array.

Injection module for: C++ Java
Answers (instructor access only): C++ Java
Security Injections 2.0 (demo) C++ Java

Additional modules

Encapsulation

Encapsulation means binding both data and methods (behaviors) into a single entity called a class. If handled properly, it can enhance program security; otherwise, it can create major security risks in a program.

Author: Dr. L. Kristan Presnell, Ph.D., Anne Arundel Community College

Injection module for: C++

For more details regarding secure coding recommendations for C++ and Java, please refer to the CERT Secure Coding Standards.

Copyright © Towson University