Buffer-overflow flaws and vulnerabilities can cause serious damage to an organization by means of an embarrassing and expensive data security breach or by enabling an attacker to assault a Web application and gain control of a corporate machine.
What must a programmer do to prevent Buffer Overflows in a program she has written?
1. Avoid using library files: Library files, which are used in programming language and are inherently insecure, are a target for hackers during application attacks. Any weakness found by a hacker in a library file will also exist in all applications that use that library file, giving hackers a glaring target for a potential attack.
2. Filter user input: Filtering out possibly dangerous HTML code and characters that could cause database problems. For example, in ASP code, the apostrophe, quotation mark and ampersand symbols are all reserved symbols. These reserved symbols can't be included within a user's input or they will cause the application to crash. Filter them out and replace them with something else to avoid complications and problems.
3. Test applications: Be sure to test all applications prior to deployment; trying to break into every application to ensure secure coding. If the application breaks, it will be clear that there is a problem that needs to be fixed before a hacker is able to exploit it.