Hack Proofing Your Network, Second Edition

The Internet is composed of applications, each performing a role, whether it be routing, providing information, or functioning as an operating system. Every day sees many new applications enter the scene. For an application to truly be useful, it must interact with a user. Be it a chat client, e-commerce Web site, system command-line utility, or online game, every application dynamically modifies its execution based on user input. A calculator that does not accept user-submitted values is useless; an e-commerce system that doesn't take orders defeats its purpose.
Being on the Internet means that the application is remotely accessible by other people. If coded poorly, the application can leave your system open to security vulnerabilities. Poor coding can be the result of a lack of experience, a coding mistake, or an unaccounted-for anomaly. Large applications are often developed in smaller parts consecutively and joined together for the final product; it's possible that differences and assumptions exist in one module that, when combined with other modules, result in a vulnerability.
Warning: The battle between application developers and network administrators is ageless. It is very hard to get non-security-conscious developers to change their applications without a documented policy to fall back on that states security as an immediate requirement. Many developers do not realize that their applications are just as integral to the security posture of a corporation as the corporation's firewall. The proliferation of vulnerabilities due to unexpected data is very high. You can find...