In the previous two chapters of this series, we talked about how a hacker can conduct attacks with SQL injection and OS command injection. These software weaknesses are in the top two positions in the SANS Top 25. Now we move on to the programming flaw at No. 3: buffer overflow.
Buffer overflow is caused by improper memory management in C/C++ code. Memory flaws are a major producer of zero-day issues and are extremely dangerous. In fact, the price of a memory flaw on the black market would be higher than the price of an SQL injection. It would climb even higher if the flaw is found in a commonly used software such as Adobe Reader, Adobe Flash or web browsers.
