Use AWS Cloud9 to create two unique and complete demonstrations of Risky Resource
Management weaknesses, such as Buffer Copy without Checking Size of Input, Improper Limitation of a
Pathname to a Restricted Directory, Download of Code Without Integrity Check, Inclusion of
Functionality from Untrusted Control Sphere, Use of Potentially Dangerous Function, Incorrect
Calculation of Buffer Size, Uncontrolled Format String, and Integer Overflow or Wraparound.
For each demonstration, you will provide unique code that contains the vulnerability and then provide
an updated version of the code that fixes the vulnerability. You should also describe why the original
code was vulnerable and discuss specific attack methods a user could try to exploit the vulnerability.
Finally, discuss how the new code fixes the vulnerability.
Details
1. Select 2 CWE/SANS Top 25 vulnerabilities from the following specific issues:
a. Buffer Copy without Checking Size of Input
b. Improper Limitation of a Pathname to a Restricted Directory
c. Download of Code Without Integrity Check
d. Inclusion of Functionality from Untrusted Control Sphere
e. Use of Potentially Dangerous Function
f. Incorrect Calculation of Buffer Size
g. Uncontrolled Format String
h. Integer Overflow or Wraparound