
Oleksii Dykan - Secure Coding guidelines

This was presented at the Swift Usergroup Netherlands. Would you like to speak/present? Visit https://swift.amsterdam for more information.

Oleksii will talk us through the Secure Coding Guide by Apple. It covers the following topics: buffer overflows/underflows, unvalidated inputs, and social engineering. He will describe techniques to use and factors to consider to make your code more secure against different types of attacks.
Oleksii is an iOS developer from Ukraine who is currently located in Rotterdam. He works for WeAreReasonablePeople where they create all kinds of software and UI prototypes.

Swift Usergroup Netherlands

November 28, 2017

Transcript

  1. Buffer overflows / underflows (Secure Coding Guide)

    #include <stdio.h>
    #include <string.h>

    /* buf holds 128 bytes, but gets() has no way to know that: any input
     * line longer than 127 bytes writes past the end of buf, up the stack,
     * and over the saved return address.  gets() was removed from the C
     * standard in C11 for exactly this reason. */
    void doit(void) {
        char buf[128];
        gets(buf);
        printf("%s\n", buf);
    }

    int main(void) {
        printf("So... The End...\n");
        doit();
        printf("or... maybe not?\n");
        return 0;
    }
  8. Buffer overflows / underflows (Secure Coding Guide)

    Same program as slide 1, shown next to a stack diagram: buf[0] ... buf[127], with the saved return address above the buffer. Input longer than the buffer runs past buf[127] and overwrites the return address (Buffer overflow).
  9. How to avoid these overflows? (Secure Coding Guide)

    Use functions that check the bounds (e.g. fgets instead of gets)
    Some things are done by the OS
    DON'T USE C
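As an added example (not from the slides), here is the bounded counterpart of the slide's doit(): a wrapper around fgets() that can never overrun the 128-byte buffer, and that also handles the case the fix introduces, an over-long line being silently split so its tail is read back as the next line. The 300-byte input is constructed here, and fmemopen() (POSIX) is assumed to be available for feeding it in as a stream.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() */
#include <stdio.h>
#include <string.h>

/* Bounded replacement for the slide's gets(buf): fgets() stores at most
 * cap-1 bytes plus the terminator, so buf cannot be overrun.  Returns the
 * bytes kept (newline stripped, as gets() did) or -1 at end of input; an
 * over-long line is truncated, flagged, and its remainder drained so it is
 * not read back as the next line. */
static long read_line_bounded(char *dst, size_t cap, FILE *in, int *truncated)
{
    *truncated = 0;
    if (cap == 0 || fgets(dst, (int)cap, in) == NULL)
        return -1;
    size_t len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') {
        dst[--len] = '\0';
    } else {
        int c;                               /* line did not fit (or no final newline) */
        while ((c = fgetc(in)) != EOF && c != '\n')
            *truncated = 1;
    }
    return (long)len;
}

/* Pushes a constructed 300-byte line (what would smash the stack via gets())
 * and a short second line through read_line_bounded().  Returns the bytes
 * kept from the first line; *second gets the second line's length. */
static long demo_overlong_input(int *truncated, long *second)
{
    char input[304];
    memset(input, 'A', 300);                 /* constructed over-long input */
    memcpy(input + 300, "\nok\n", 4);
    FILE *in = fmemopen(input, sizeof input, "r");
    if (in == NULL) return -1;
    char buf[128];                           /* same size as the slide's buf */
    long n = read_line_bounded(buf, sizeof buf, in, truncated);
    int t2;
    *second = read_line_bounded(buf, sizeof buf, in, &t2);
    fclose(in);
    return n;
}

int main(void)
{
    int truncated; long second;
    long n = demo_overlong_input(&truncated, &second);
    printf("kept %ld of 300 bytes, truncated=%d, next line=%ld bytes\n", n, truncated, second);
    return 0;
}
```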
  12. Social engineering attacks (Secure Coding Guide)

    myapp://cmd/delete?file=cached data that is slowing down your system.,key_from_my_bitcon_wallet.txt

    A custom URL scheme handler that deletes whatever files the link names: the first, readable "filename" is there to make the user click, while the real target is the second, comma-separated entry.