
EC-Council

http://www.eccouncil.org
Certified Secure Programmer
Stop the Buffer Overflows.
Stop the Hackers.
Start Writing Secure Code.
About 95% of software bugs come from common, well-understood programming
mistakes. Today's developers ... oftentimes don't have the academic discipline of
secure software engineering and secure software development and training around
what characteristics would create flaws in the program or lead to bugs.
One of the problems is that the educational establishment generally doesn't teach
secure programming at the undergraduate, or even graduate level.
Problem Statement
Vulnerabilities in applications are attributed to poor programming, lack of input validation and the lack of a
structured software engineering process. Buffer overflows make up one of the largest collections of
vulnerabilities in existence, and a large percentage of possible remote exploits are of the overflow variety.
If exploited successfully, an overflow vulnerability will allow an attacker to run arbitrary code on the victim's
machine with the equivalent rights of whichever process was overflowed. This is often used to provide a
remote shell onto the victim machine, which can be used for further exploitation.
Buffer overflows in applications can be avoided by writing secure software code.
Buffer Overflows
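As an added illustration of the overflow described above (not part of the EC-Council brochure): the unchecked copy that produces an overflow, beside a version that validates the input length before writing. The buffer size, the function names and the guard-byte helper are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>

#define NAME_MAX_LEN 16   /* constructed buffer size for this example */

/* Vulnerable pattern: strcpy() writes until it finds a NUL in src, so any
 * input longer than the destination overwrites adjacent memory. */
void copy_name_unsafe(char dst[NAME_MAX_LEN], const char *src)
{
    strcpy(dst, src);
}

/* Hardened form: validate the input length against the destination size
 * before writing a single byte. Returns 0 on success, -1 on rejection.
 * src_len is the number of bytes actually received, so src is never read
 * past what the caller owns, even if it lacks a terminator. */
int copy_name_checked(char *dst, size_t dst_size,
                      const char *src, size_t src_len)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;

    /* Length of the string inside the received bytes (stops at first NUL). */
    const char *nul = memchr(src, '\0', src_len);
    size_t len = nul ? (size_t)(nul - src) : src_len;

    if (len >= dst_size) {      /* no room for data plus terminator */
        dst[0] = '\0';          /* leave dst in a defined state */
        return -1;              /* reject instead of truncating silently */
    }
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Runs the checked copy into a NAME_MAX_LEN buffer flanked by guard bytes
 * and reports whether the guards survived (1) or were overwritten (0). */
int guards_intact_after_copy(const char *src, size_t src_len, int *rc)
{
    struct { char before; char name[NAME_MAX_LEN]; char after; } f;
    f.before = f.after = 0x5A;
    *rc = copy_name_checked(f.name, sizeof f.name, src, src_len);
    return f.before == 0x5A && f.after == 0x5A;
}
```

Rejecting oversized input, rather than truncating it, keeps the caller from acting on data that is not what the sender supplied.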
EC-Council's Certified Secure Programmer and Certified Secure Application Developer are being offered to provide the essential and fundamental skills to programmers and application developers in secure programming. The most prevalent reason behind buggy code and vulnerabilities being exploited by hackers and malicious code is the lack of adoption of secure coding practices.
The Certified Secure Programmer and Certified Secure Application Developer programs will ensure that programmers and developers are exposed to the inherent security drawbacks in various programming languages or architectures. They will be further trained to exercise secure programming practices to overcome these inherent drawbacks in order to pre-empt bugs from the code.
ECSP / CSAD
Certified Secure Programmer lays the basic foundation required by all application developers and development organizations to produce applications with greater stability that pose fewer security risks to the consumer. The Certified Secure Application Developer standardizes the knowledge base for application development by incorporating the best practices followed by experienced experts in the various domains.
The distinguishing aspect of ECSP and CSAD is that, unlike vendor- or domain-specific certifications, they expose the aspirant to various programming languages from a security perspective. This drives greater appreciation for the platform / architecture / language one specializes in as well as an overview of related ones.
EC-Council Certified Secure Programmer (ECSP)
and
Certified Secure Application Developer (CSAD)
Requirements
1. To achieve EC-Council Certified Secure Programmer (E|CSP), pass EC-Council's Certified Secure Programmer 312-92 exam.
2. To achieve EC-Council Certified Secure Application Developer (C|SAD), achieve an application development certification from any of the following vendors and pass EC-Council's Certified Secure Programmer 312-92 exam.
   For Linux: LCE / LCA / RHCE / LPI certification
   For Microsoft: MCAD / MCSD certification
   For Sun: SCJD / SCEA certification
   For Oracle: OCP certification (DBA)
   For IBM: WebSphere certification
Benefits
1. Exposure to a wide range of programming languages and training on well-endorsed secure coding practices
2. Improve your employability in development organizations
3. Exposure to application development across platforms
4. Enhance skills in writing better code and improve efficiency
5. Build secure applications
Target Audience
The ECSP certification is intended for programmers who are responsible for designing and building secure Windows/Web-based applications with the .NET/Java Framework. It is designed for developers who have C#, C++ and Java development skills.


[Figure: Certified Secure Programmer Certification path. Flowchart elements: Start; Step 1; Step 2; Attend Writing Secure Code Training; Pass ECSP Exam 312-92; ECSP Achieved.]
[Figure: Certified Secure Application Developer Certification path. Flowchart elements: Start; Step 1; Step 2; Achieve any one of the following vendor-specific certifications (For Linux: LCE / LCA / RHCE / LPI certification; For Microsoft: MCAD / MCSD certification; For Sun: SCJD / SCEA certification; For Oracle: OCP certification (DBA); For IBM: WebSphere certification); Achieve ECSP Certification; CSAD Achieved.]
International Council of E-Commerce Consultants
67 Wall Street, 22nd Floor
New York, NY 10005-3198
USA
Phone: 212.380.1571
Fax: 212.202.3500
Copyright 2005 EC-Council. All Rights Reserved.
