From the course: Writing Secure Code for Android by Infosec
Format string attacks
- Format string attacks. Why did we just spend some time talking about formatting? Well, because you can take string formatting to a level where it might constitute a vulnerability. Let's talk about format string attacks. What's a format string? We already know. It's an ASCII string. It has text and format parameters. We've been playing with that. Format strings are used to insert values into a text string. You could put in variable substitutions and data formatting. We've played with that. They exist in many programming languages, including Kotlin and Java and C, Objective-C, Swift, Python, et cetera, et cetera, et cetera. When you insert a value into an output string, you can use format specifiers as placeholders, and you pass the values in as additional parameters into the function. And they're really useful. I mean, they allow you to format the output so it's easier to read. They can save programmers a lot of time and effort when the language permits automatic type conversions…
Contents
- Understanding input risks (14m 59s)
- Autocompletion, part 1 (13m 34s)
- Autocompletion, part 2 (9m 13s)
- Activity: Securing autocomplete (4m 30s)
- Special characters, part 1 (11m 4s)
- Special characters, part 2 (6m 3s)
- Activity: Using special characters (11m 25s)
- Null safety, part 1 (12m 17s)
- Null safety, part 2: Safe call operator (4m 41s)
- Null safety, part 3: Not-null operator (3m 35s)
- Null safety, part 4: Elvis operator (7m)
- Null safety, part 5: Safe cast and unsafe cast operators (7m 57s)
- Null safety, part 6: Smart cast (8m 55s)
- Activity: Implementing null safety, part 1 (11m 35s)
- Activity: Implementing null safety, part 2 (13m 18s)
- Activity: Implementing null safety, part 3 (15m 15s)
- String interpolation (11m 2s)
- Activity: Understanding string interpolation (15m 8s)
- Format string attacks (7m 42s)
- Regular expressions, part 1 (14m 4s)
- Regular expressions, part 2 (6m 26s)
- Activity: Working with regular expressions in Kotlin, part 1 (14m 1s)
- Activity: Working with regular expressions in Kotlin, part 2 (10m 3s)
- Activity: Validating input with regular expressions in Kotlin, part 3 (14m 56s)
- Input sanitization (7m 4s)
- Activity: Sanitizing input (3m 51s)
- Activity: Clamping input to a range (5m 16s)
- Kotlin filter and trim (6m 35s)
- Activity: Filtering and trimming (9m 49s)
- Cross-site attacks (14m 13s)
- Activity: Exploring cross-site scripting (10m 8s)
- Cross-app scripting (4m 42s)
- Activity: Defending against cross-app scripting (9m)
- Code tampering and injection, part 1 (7m 7s)
- Code tampering and injection, part 2 (10m 35s)
- Code tampering and injection, part 3 (11m 37s)
- Activity: Filtering a malicious QR code, part 1 (8m 57s)
- Activity: Filtering a malicious QR code, part 2 (3m 59s)
- SQL injection (14m 24s)
- SQL stored procedures (4m 55s)
- Object deserialization, part 1 (4m 48s)
- Object deserialization, part 2 (4m 25s)
- Activity: Protecting JSON with an API key, part 1 (16m 17s)
- Activity: Protecting JSON with an API key, part 2 (4m 48s)
- Form validation, part 1 (12m 12s)
- Form validation, part 2 (9m 37s)
- Form validation, part 3 (6m 29s)
- Activity: Validating form input, part 1 (13m 29s)
- Activity: Validating form input, part 2 (4m 36s)
- WebView vulnerabilities, part 1 (11m 34s)
- WebView vulnerabilities, part 2 (10m 13s)
- Activity: Securing Android WebView (11m 53s)