It was a job that Tim had wanted right from the start of his career. Being a project manager at a well-known software firm was definitely a sign of prestige. But now, his credibility was at stake.
Since the project was running behind schedule, he had to hurry through testing. Tim had worked with the same team for his previous projects, and all of the other projects had successful conclusions; therefore, he thought that nothing would possibly go wrong with this one. This notion made him overconfident about the testing of this project.
But this time, he was not lucky. The Web server of the client company succumbed to a buffer overflow attack. This was due to a flaw in coding because bounds were not checked. The client suffered a huge financial loss.
a) First of all, Tim should not have deployed the software to the client without testing it properly, as this can damage his reputation and that of his company, as seen in the case above. One must therefore thoroughly check software before handing it over to the client.
A buffer overflow is a type of attack that occurs when the data entered by the user exceeds the capacity of the buffer, so the excess overwrites the memory locations adjacent to the buffer. An attacker takes advantage of this by replacing the overflowing data with their own code at those nearby locations and thereby gains access to the data. This attack can be prevented by avoiding programming languages such as C and C++, which are prone to it; by marking certain memory regions as non-executable, which stops the attacker from running their code in those regions; and by randomizing the address space of the executable code, since a buffer overflow attack needs the exact region or address in memory.
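To make the "bounds were not checked" flaw from the case concrete, here is an added C example (not code from the original question or answer) that places the unchecked copy next to a hardened one. The buffer size `FIELD_SIZE`, the function names `copy_unchecked`, `copy_checked` and `handle_field`, and the status codes returned are all assumptions chosen for illustration; the hardened copy rejects any input that would not fit rather than overrunning the buffer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Size of the fixed buffer a request handler might use for a user-supplied
   field (hypothetical value chosen for this example). */
#define FIELD_SIZE 16

/* The defect from the case: the copy does not check that the input fits.
   Any input longer than FIELD_SIZE - 1 bytes overruns dst and overwrites
   whatever lies next to it in memory. Kept only for comparison; it is never
   invoked with over-long input in this file. */
void copy_unchecked(char dst[FIELD_SIZE], const char *src)
{
    strcpy(dst, src);
}

/* Hardened version: copies src into dst only if the whole string plus its
   terminator fits within dst_size bytes. Returns 0 on success and -1 when
   the input is rejected; dst is left untouched on rejection. */
int copy_checked(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    /* Look for the terminator only within the space we can hold, so we
       never read further than dst_size bytes of src either. */
    const char *nul = memchr(src, '\0', dst_size);
    if (nul == NULL)
        return -1;                 /* no terminator within bounds: too long */
    memcpy(dst, src, (size_t)(nul - src) + 1);
    return 0;
}

/* Minimal stand-in for a request handler: stores the field if it fits,
   otherwise refuses the request instead of overflowing. Returns an
   HTTP-style status code (200 accepted, 400 rejected). */
int handle_field(const char *user_input)
{
    char field[FIELD_SIZE];
    if (copy_checked(field, sizeof field, user_input) != 0)
        return 400;
    /* ... the validated field would be used here ... */
    return 200;
}

int main(void)
{
    printf("short input     -> %d\n", handle_field("alice"));
    printf("over-long input -> %d\n",
           handle_field("this input is far longer than the buffer"));
    return 0;
}
```

The key design choice is that `copy_checked` takes the destination size as an explicit parameter and refuses over-long input outright; silently truncating would also avoid the overflow, but rejecting makes the failure visible in testing, which is exactly the stage Tim skipped.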
b) Thorough product testing is very important for a software firm, as its reputation will be at stake if it deploys defective software that could lead to malicious attacks such as buffer overflow, DoS and others. These in turn could lead to huge financial losses for the client, and the client could even take legal action against the company to settle the score.