1
Q
Give examples of Memory Safe Vulnerabilities
A
- Buffer overflow
- Format String
- Integer Overflow
2
Q
Whitebox Bug Finding vs Blackbox Bug Finding
A
- Whitebox is internal structure testing with a deep understanding of the code and implementation
- Blackbox is functionality testing to ensure it behaves as expected
3
Q
What is Fuzzing?
A
- Automated software testing of feeding a software random, unexpected, or malformed inputs
- Detects crashes or software vulnerabilities
4
Q
What is Grey Box Fuzzing?
A
Fuzzing with runtime feedback (reactive)
5
Q
Black Box Fuzzing vs White Box Fuzzing
A
- Black box fuzzing uses random input generation
- White box fuzzing uses program structure and contraints for input
6
Q
What do Fuzzing Tools Do?
A
Automates:
- Input Generation
- Input Injection
- Bug Detection
7
Q
What is White Box Testing?
A
- Manual, systematic code inspection for weaknesses and vulnerabilities
- Conducted by developers and peers
- Can find defects earlier than test execution
8
Q
Give Examples of Common Memory Safety Issues
A
- Buffer Overflow: writing beyond array bounds
- Use-after-free: accessing freed memory
- Null pointer deference: using uninitialized or null memory
- Stack Overflow: Excessive Recursion
Engineering Secure Software
flashcards
Decks in class (11)
# Cards
