As a software developer, you are aware that various generations of programming languages have different features. Which of the following is most vulnerable to buffer overflow attacks? (Wentz QOTD)
A. Client-based applications using C
B. Server-based applications using C#
C. Data-centric applications using Java
D. Backend web applications using JavaScript
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is A. Client-based applications using C.
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.
Unlike JavaScript, C#, and Java, the C language provides programming constructs to control hardware directly and invoke services provided by the operating system. For example, a “pointer” is used to manipulate memory, either statically or dynamically allocated.
Applications developed using JavaScript, C#, and Java are managed applications and executed in a runtime environment or sandbox. For example, C# applications (compiled to MSIL) on top of the .NET framework, Java application in the Java Virtual Machine (JVM), and JavaScript in the browser or the Node.js runtime.
Buffer overflows may happen in managed applications. However, they are typically well-managed by the runtime or sandbox. C applications manage memory by themselves; they are more vulnerable to buffer overflow attacks.
Reference
作為軟件開發人員,您知道不同代的編程語言具有不同的特性。 以下哪一項最容易受到緩衝區溢出攻擊? (Wentz QOTD)
A. 使用 C 的基於客戶端的應用程序
B. 使用 C# 的基於服務器的應用程序
C. 使用 Java 的以數據為中心的應用程序
D. 使用 JavaScript 的後端 Web 應用程序