Code-based attacks
Code-based attacks imply using vulnerabilities or weak/unsecure coding practices that can lead to exploitable applications. These exploits can allow attackers to modify or run executables or commands that result in gaining access to the system, reading data, modifying data, and more. In this section, we will discuss two very common types of attacks: buffer overflow and format string attacks.
Buffer overflow
Buffer overflow is one of the most common code-based attacks. It simply sends more or additional data into applications that don’t parse inputs. It works by moving data into memory if the applications don’t have a proper way to do limit checking and parsing on data. A simple example of a buffer overflow attack is a login page that is expecting an input of 8 bytes. If you send more than 8 bytes of data, the additional data will be written to an overflow buffer. This overflow buffer would be a piece of memory that is allocated to a different...
