A programmer has allocated a 32 bit variable to store the results of an operation between two user
supplied 4 byte operands. To which of the following types of attack is this application susceptible?

A. XML injection
B. Command injection
C. Integer overflow
D. Header manipulation
In short, "a 32 bit variable" is an "Integer".
An integer (from the Latin integer meaning “whole”) is a number that can be written without a fractional component.
The number 2,147,483,647 (or hexadecimal 7FFF,FFFF) is the maximum positive value for a 32-bit signed binary integer in computing. It is therefore the maximum value for variables declared as integers (e.g., as int) in many programming languages, and the maximum possible score, money, etc. for many video games.
Overflow/Underflow: Let's now talk about overflow and underflow. Overflow occurs when a positive value exceeds the maximum that can be stored in a data type, while underflow occurs when a negative value is less than the minimum that can be stored in a data type. Choosing a data type wide enough to avoid computational overflow or underflow is of great importance. Overflow/underflow can cause a program to crash and/or behave in an incorrect manner that is difficult to diagnose.
Process of Elimination:
(A) XML Injection: XML Injection is an attack technique used to manipulate or compromise the logic of an XML application or service. The injection of unintended XML content and/or structures into an XML message can alter the intended logic of the application. There is no indication whatsoever in this question that this is an XML application. The application could have been written in any other language as far as we know (Pascal, C, C++, C#).
(B) Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user-supplied data (forms, cookies, HTTP headers etc.) to a system shell. A command injection is therefore an external action via a vulnerable application. In this scenario, we have the case of an internal coding error which can lead to a vulnerability.
(D) Header manipulation has absolutely nothing to do with the issue at hand.
In light of the above, the only possible answer is (C), Integer overflow, as we are speaking of "a 32 bit variable" to be used with 4 byte operands.