Security Lab #A

Integer Overflow

1. Download the program “integer overflow.cpp” from the website to begin.
   a. Answer the questions at the bottom of the file. Place all answers at the BOTTOM of the program.
2. For each of the following, add to the code from the previous problem the appropriate C++ declaration:
   a. Number of students at your college (25,000)
   b. Population of Baltimore (637,455)
   c. Population of Maryland (5.6 million)
   d. The world population (6.6 billion)
3. Copy your code from above and attach the answered checklist below to your overall submission. Checklists are used in many industries, including aviation and software, for safety and error checking. Complete the following security checklist to identify potential vulnerabilities in your code.

   Security Checklist
   Vulnerability: Integer Errors
   Course: CMSC 201/CINS 225
   Check each line of code

   Underline each occurrence of an integer variable. For each underlined variable:
   - Mark with a V any input operations that assign values to the variable.
   - Mark with a V any mathematical operations involving the variable.
   - Mark with a V any assignments made to the variable.
   V == Possible Vulnerability!!

4. Knowing that information:
   a. Write a program that prompts the user to input the length and width of a rectangle and then prints the rectangle’s area and perimeter.
   b. Write a program that inputs hours worked, pay rate, and income tax rate, and computes total pay and net pay.

Buffer Overflow

1. Download the program “buffer overflow.cpp” from the website to begin. Place all answers at the BOTTOM of the program.
   a. Run and compile the above program. Describe the results.
   b. What happens if you type “3” for the first prompt? 7? 12? 20?
   c. What happens if you type 10 for the first prompt and then 3, 7, 12, and 20 for the second prompt?
   d. List potential buffer overflow errors.
   e. Provide example inputs that might cause buffer overflow problems.
   f. What strategies might you use to remove potential buffer overflow vulnerabilities from this program? Describe the buffer overflow problem.
   g. What can result from a buffer overflow?
   h. How could you prevent a buffer overflow from occurring in your program?
   i. Buffer overflows can be troublesome if they are used by attackers to run their own code. What sort of things might an attacker try to do if he or she were able to run any code they wanted on a computer?
2. Complete the checklist below for your program. Did you find any vulnerabilities? If so, list them and revise the program to eliminate them.

   Security Checklist
   Vulnerability: Buffer Overflow
   Course: CS1
   Task – Check each line of code, marking each step Completed

   1. Finding Arrays
      1.1 Underline each array declaration.
      1.2 For each array, underline all subsequent references.
   2. Index Variables – legal range for an array of size n is 0 <= i < n
      2.1 For each underlined access that uses a variable as an index, write the legal range next to it.
      2.2 For each index marked in 2.1, underline all occurrences of that variable.
      2.3 Mark with a V any assignments, inputs or operations that may modify these index variables. Does your code verify that these operations will result in an index value that is within the appropriate bounds? If not, you may have a vulnerability.
   3. Loops that modify index variables
      3.1 Find loops that modify variables used to index arrays. For any index that occurs as part of a loop conditional, underline the loop limit. For example, if i < max is the conditional in a for loop, underline max.
      3.2 Write the legal range of the array index next to the loop limit as you did in step 2.1. Mark with a V if the loop limit could exceed the legal range of the array index. Watch out for loops that go until i <= max, as the largest valid index is max-1.
      3.3 If either the upper or lower loop limit is a variable, it must be checked just as indices are checked in Step 2.
   Shaded areas indicate vulnerabilities!

If-Else Input Validation

For each of the following, include the appropriate input validation:

1. Write a program to enter a test score and print the appropriate letter grade.
2. Write a program that inputs the number of credits a student has taken and prints whether the student is a freshman, sophomore, junior, or senior.
3. Write a program that asks a user for their day, month, and year of birth. Make sure that each of these values is validated appropriately.
4. Write a program that inputs three numbers and prints the largest. Be sure to test with appropriate data.
5. Write a program that asks the user to enter a number within the range of 1 to 10. Use a switch statement to display the Roman numeral version of that number. Input validation: Do not accept a number less than 1 or greater than 10.
6. Write a program that displays the following menu:

       Geometry Calculator
       1. Calculate the Area of a Circle
       2. Calculate the Area of a Triangle
       3. Calculate the Area of a Rectangle
       4. Quit
       Enter your choice (1-4):

   If the user enters 1, the program should ask for the radius of the circle and then display its area. Use the formula: area = πr². Use 3.14159 for π.
   If the user enters 2, the program should ask for the length of the triangle’s base and its height, and then display its area. Use the formula: area = base * height * .5
   If the user enters 3, the program should ask for the length and width of the rectangle and then display the rectangle’s area. Use the formula: area = length * width. Also display a message if the figure is a square.
   If the user enters 4, the program should end.
7. For the last program, complete the following:
   a. List the potential input validation errors.
   b. Provide example inputs that might cause validation problems and describe the problems that they might cause.
8. Modify the last program to include the appropriate input validation (using the programming knowledge you have to date).
   Input Validation: Display an error message if the user enters a number outside the range of 1 through 4 when selecting an item from the menu. Do not accept negative values for the circle’s radius, the rectangle’s length or width, or the triangle’s base or height.

   Security Checklist
   Vulnerability: Improper Input Validation
   Course: CS1
   Task – Check each line of code, marking each step Completed

   Mark with a V each variable that is input.
   For each input variable, which of the following is applicable (Yes or N/A):
   - Check length
   - Check range (reasonableness?)
   - Check all options
   - Check type
   Shaded areas indicate vulnerabilities.

Loop Input Validation

All questions below can be coded into ONE program.

1. Write an input validation loop that asks the user to enter a body temperature.
2. Write an input validation loop that asks the user to enter a body weight.
3. Write an input validation loop that asks the user to enter a height, in feet and inches.
4. Write a calculator program that displays a menu of operations and allows the user to display simple calculations.
5. Complete the following checklist for each program. Add any additional input validation to your program.

   Security Checklist
   Vulnerability: Improper Input Validation
   Course: CS1
   Task – Check each line of code, marking each step Completed

   Mark with a V each variable that is input.
   For each input variable, which of the following is applicable (Yes or N/A):
   - Check length
   - Check range (reasonableness?)
   - Check all options
   - Check type
   Shaded areas indicate vulnerabilities.

String Input Validation

1. Download the program “String Overflow.cpp” from the website to begin. Place all answers at the BOTTOM of the program.
   a. List the potential input validation errors.
   b. Provide example inputs that might cause validation problems and describe the problems that they might cause.
   c. What happens if you type non-numeric characters for the starting position?
2. Complete the following checklist for this program.

   Security Checklist
   Vulnerability: Improper Input Validation
   Course: CS1
   Task – Check each line of code, marking each step Completed

   Mark with a V each variable that is input.
   For each input variable, which of the following is applicable (Yes or N/A):
   - Check length
   - Check range (reasonableness?)
   - Check all options
   - Check type
   Shaded areas indicate vulnerabilities.
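
For the Integer Overflow exercises (the four declarations and the rectangle area program), the following is an added example, not one of the lab's own files. It tests which fixed-width signed types can hold each of the lab's quantities and computes an area without letting the multiplication wrap; the names fits_in and checked_area are hypothetical helpers chosen for this illustration.

```cpp
#include <cstdint>
#include <iostream>
#include <limits>

// True when `value` can be stored in signed integer type T without wrapping.
template <typename T>
bool fits_in(long long value) {
    return value >= static_cast<long long>(std::numeric_limits<T>::min()) &&
           value <= static_cast<long long>(std::numeric_limits<T>::max());
}

// Multiplies two 32-bit values in 64-bit arithmetic and reports failure
// instead of storing a wrapped result (rectangle area = length * width).
bool checked_area(std::int32_t length, std::int32_t width, std::int32_t& area) {
    if (length < 0 || width < 0) return false;            // range check on input
    long long wide = static_cast<long long>(length) * width;
    if (!fits_in<std::int32_t>(wide)) return false;       // product too large
    area = static_cast<std::int32_t>(wide);
    return true;
}

int main() {
    // The four quantities from the lab, with 5.6 million and 6.6 billion written out.
    const long long values[] = {25000LL, 637455LL, 5600000LL, 6600000000LL};
    for (long long v : values) {
        std::cout << v << ": int16 " << fits_in<std::int16_t>(v)
                  << ", int32 " << fits_in<std::int32_t>(v)
                  << ", int64 " << fits_in<std::int64_t>(v) << '\n';
    }
    std::int32_t area = 0;
    std::cout << "40000 x 50000 ok? " << checked_area(40000, 50000, area) << '\n';
    std::cout << "50000 x 50000 ok? " << checked_area(50000, 50000, area) << '\n';
    return 0;
}
```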
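
For the Buffer Overflow checklist (steps 2 and 3: index variables and loop limits), the following is an added example, not the lab's “buffer overflow.cpp”. It checks a user-supplied index and a user-supplied loop limit against the legal range 0 <= i < n before touching the array; the array size of 10 and the function names are assumptions made for this illustration.

```cpp
#include <cstddef>
#include <iostream>

const std::size_t kSize = 10;   // assumed array size, not taken from the lab file

// Checklist step 2: the legal range for an array of size n is 0 <= i < n.
bool valid_index(long index, std::size_t n) {
    return index >= 0 && static_cast<std::size_t>(index) < n;
}

// Writes through a user-supplied index only after the range check passes.
bool store_at(int (&data)[kSize], long index, int value) {
    if (!valid_index(index, kSize)) return false;
    data[index] = value;
    return true;
}

// Checklist step 3: a user-supplied loop limit is checked like an index.
// Returns the number of elements written, or -1 if count is out of range.
int fill_first(int (&data)[kSize], long count, int value) {
    if (count < 0 || static_cast<std::size_t>(count) > kSize) return -1;
    for (long i = 0; i < count; ++i)   // i < count, never i <= count
        data[i] = value;
    return static_cast<int>(count);
}

int main() {
    int data[kSize] = {0};
    const long tries[] = {3, 7, 12, 20};   // the inputs the lab asks about
    for (long t : tries) {
        std::cout << "index " << t << ": "
                  << (store_at(data, t, 1) ? "stored" : "rejected") << '\n';
        std::cout << "count " << t << ": wrote "
                  << fill_first(data, t, 2) << " elements\n";
    }
    return 0;
}
```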
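
For the Improper Input Validation checklists (If-Else, Loop and String sections), the following is an added example, not part of the lab's files. It reads a whole line and applies the length, type and range checks before accepting an integer such as the menu choice, then wraps that in a re-prompting validation loop. The names parse_in_range and prompt_int, the 10-character length limit and the sample input are assumptions made for this illustration.

```cpp
#include <cctype>
#include <cerrno>
#include <cstdlib>
#include <iostream>
#include <sstream>
#include <string>

// Applies the checklist to one input line: length, type, then range [lo, hi].
bool parse_in_range(const std::string& line, int lo, int hi, int& out) {
    if (line.empty() || line.size() > 10) return false;        // check length
    if (line[0] != '-' && !std::isdigit(static_cast<unsigned char>(line[0])))
        return false;                                          // no spaces or '+'
    errno = 0;
    char* end = 0;
    long v = std::strtol(line.c_str(), &end, 10);
    if (end == line.c_str() || *end != '\0') return false;     // check type
    if (errno == ERANGE || v < lo || v > hi) return false;     // check range
    out = static_cast<int>(v);
    return true;
}

// Validation loop: re-prompts until a line passes every check.
// Returns false if the input ends before a valid value is read.
bool prompt_int(std::istream& in, std::ostream& os, const std::string& label,
                int lo, int hi, int& out) {
    std::string line;
    for (;;) {
        os << label << " (" << lo << "-" << hi << "): ";
        if (!std::getline(in, line)) return false;
        if (parse_in_range(line, lo, hi, out)) return true;
        os << "Invalid entry, try again.\n";
    }
}

int main() {
    // Constructed input standing in for a user typing four lines.
    std::istringstream typed("abc\n7\n2x\n3\n");
    int choice = 0;
    if (prompt_int(typed, std::cout, "Enter your choice", 1, 4, choice))
        std::cout << "\nAccepted menu choice " << choice << '\n';
    return 0;
}
```

Reading the whole line first means a non-numeric entry is rejected as a unit rather than left in the stream to break the next read.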