Secure Programming in C
mango chen
1.
© 2016 Software Engineering Consortium
LAB FOR SECURE PROGRAMMING IN C
2.
Lab environment
Linux: Ubuntu 14.04, 32-bit
gcc
gdb
• sudo apt-get install gcc-multilib hexedit
• sudo apt-get install hexedit
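3.
Lab description
Lab1: Analyze the source code for security issues with Flawfinder
Lab2: Using the vulnerabilities found in Lab1, attempt to attack the program
• Lab2-1: Attack the program with a stack overflow
• Lab2-2: Attack the program with an array indexing error
• Lab2-3: Attack the program with format string bugs
Lab3: Modify the source code so that the attacks no longer work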
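For the Lab3 step, an added example that is not from the original slides (the lab's 000.c is not reproduced on this page): hardened C forms of the three bug classes named in Lab2. The function names and the buffer and table sizes are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 16   /* assumed buffer size for this sketch */
#define TABLE_LEN    8    /* assumed table size for this sketch */

/* Stack overflow (Lab2-1): strcpy(dst, src) into a fixed stack buffer
 * writes past the end when src is too long. Check the length first and
 * reject oversized input instead of truncating silently. */
int copy_name(char dst[NAME_MAX_LEN], const char *src)
{
    size_t n = strlen(src);
    if (n >= NAME_MAX_LEN)
        return -1;                 /* would overflow: refuse */
    memcpy(dst, src, n + 1);       /* n + 1 copies the terminating NUL */
    return 0;
}

/* Array indexing error (Lab2-2): table[idx] = v with an unchecked,
 * user-supplied idx writes outside the array. A signed index must be
 * checked on both sides. */
int store_value(int table[TABLE_LEN], long idx, int value)
{
    if (idx < 0 || idx >= TABLE_LEN)
        return -1;
    table[idx] = value;
    return 0;
}

/* Format string bug (Lab2-3): printf(user) lets the input supply
 * conversion specifiers. Pass user data only as an argument to a
 * constant format. Returns the number of characters written, or -1. */
int format_message(char *out, size_t out_len, const char *user)
{
    int n = snprintf(out, out_len, "%s", user);
    if (n < 0 || (size_t)n >= out_len)
        return -1;                 /* encoding error or truncated */
    return n;
}

int main(void)
{
    char name[NAME_MAX_LEN], msg[32];
    int table[TABLE_LEN] = {0};
    printf("%d %d %d\n", copy_name(name, "AAAAAAAAAAAAAAAAAAAAAAAA"),
           store_value(table, -3, 1), format_message(msg, sizeof msg, "%x%x%n"));
    return 0;
}
```

Flawfinder matches on function names, so it may still list memcpy and snprintf at a lower level; those hits are resolved by reviewing the bounds checks around each call.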
4.
Supplementary material: Introduction to Flawfinder
5.
Flawfinder overview
http://www.dwheeler.com/flawfinder/
A security analysis tool for C and C++ source code that is easy to install and use
Lists possible security problems
Sorts the reported problems by severity level
Supported environments
Unix-based systems
• sudo apt-get install flawfinder
Windows systems with Cygwin installed
Command
flawfinder directory_with_source_code
• Example: flawfinder test1.c
6.
Sample code (000.c)
7.
Flawfinder (1)
Run "flawfinder 000.c" to perform a security analysis of 000.c
• Program name
• Error level
• Problem area
• Dangerous function/parameter
• Source code line number
• Error description
8.
Flawfinder (2)
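9.
Flawfinder (3)
Hits: number of errors found
Lines analyzed: number of source lines analyzed and the time taken
Physical Source Lines of Code (SLOC): number of source code lines
Hits@level: number of errors at each level
Hits@level+: cumulative number of errors at each level
Hits/KSLOC@level: number of errors per thousand lines of source code
Minimum risk level: the minimum risk level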
10.
Supplementary material: Introduction to GDB commands
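11.
GDB commands (1)
run (or r): run the program
• r 555 666 (run the program with 555 and 666 as input)
disass: disassemble a function and show the memory address of each assembly instruction
• Ex: disass main (show the assembly instructions of main() and their memory addresses)
breakpoint (or b, bre, break): set a breakpoint
• Ex1: b 19 (set a breakpoint at line 19 of the source code)
• Ex2: b *0x080485bc (set a breakpoint at the instruction at memory address 0x080485bc)
c: continue running the program until the next breakpoint, or until the program ends
n: execute the next line of code (a function call is run through to its return)
s: execute the next line of code (a function call is stepped into)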
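12.
GDB commands (2)
print: show the contents of a variable
• Ex1: print i (show the contents of variable i)
• Ex2: print &i (show the memory address where variable i is stored)
x/32wx: print 32 words (4 bytes each) of memory
• x/32wx $esp (print 32 words of memory starting at the address held in the $esp register)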