
I am working on a client-server application in which the client is written in Java and the server in C++.

One of my customers has performed penetration testing using the Think Secure Tool (not sure exactly what tools they used) and got the vulnerabilities (more appropriately, weaknesses): 1. Memory leakage through web server process and 2. Potential buffer overflow.

They got this result for a specific port which our application uses to show all the associated events.

I have no clue about this issue and have no idea how to approach it. Kindly suggest an approach or any reference material that can help me with this issue... Thanks in advance

Amit

1 Answer


If your server application is written in C++ and is leaking memory, have you tried analyzing your code with valgrind? If you are working on Windows, other free tools are available here.

For buffer overflows in C++, avoid C-like arrays and work with smart pointers.

Christian Rapp
  • Do you mean to say the memory leak fix for the server code will rectify this MEMORY LEAKAGE THROUGH WEB SERVER PROCESS? And please explain something about using Valgrind; does it work for Windows also? Thanks – Amit Feb 20 '13 at 06:56
  • Memory leakage should be tested by using appropriate tools. While Valgrind is for Linux, Christian has provided a link for Windows and you can use them. For buffer overflows, check https://www.owasp.org/index.php/Buffer_Overflows#General_Prevention_Techniques Though if you are a developer, the most important thing is to do bounds checking. – R V Marti Feb 09 '14 at 07:02
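
The bounds checking and smart-pointer advice from the answer and comments above, as an added example (not code from the question, the answer or the asker's application). It assumes a hypothetical length-prefixed event message and a 64-byte limit, and shows the weak pattern beside a hardened one.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <iostream>
#include <memory>
#include <string>
#include <vector>

// Hypothetical wire format (an assumption, not the asker's protocol):
// [2-byte big-endian payload length][payload bytes]
constexpr std::size_t kMaxEvent = 64;
struct Event { char text[kMaxEvent]; };

// Weak pattern: trusts the peer's length field and leaks on the early return.
// Kept only for comparison; never call it with untrusted input.
bool parse_event_unsafe(const std::uint8_t* buf, std::size_t /*len ignored*/, std::string& out) {
    Event* ev = new Event;                                   // raw owning pointer
    std::size_t n = (std::size_t{buf[0]} << 8) | buf[1];     // header read without a length check
    std::memcpy(ev->text, buf + 2, n);                       // n may exceed kMaxEvent and the input
    if (n == 0) return false;                                // leak: ev is never deleted
    out.assign(ev->text, n);
    delete ev;
    return true;
}

// Hardened pattern: every length is validated before use and the allocation
// is owned by a smart pointer, so no return path leaks or writes out of bounds.
bool parse_event_safe(const std::vector<std::uint8_t>& buf, std::string& out) {
    if (buf.size() < 2) return false;                        // header incomplete
    const std::size_t n = (std::size_t{buf[0]} << 8) | buf[1];
    if (n == 0 || n > kMaxEvent) return false;               // outside the allowed size
    if (n > buf.size() - 2) return false;                    // claims more than was received
    auto ev = std::make_unique<Event>();                     // released on every return path
    std::memcpy(ev->text, buf.data() + 2, n);                // n <= kMaxEvent checked above
    out.assign(ev->text, n);
    return true;
}

int main() {
    // Constructed sample inputs: one well-formed message, one with a lying length field.
    std::vector<std::uint8_t> good  = {0x00, 0x05, 'l', 'o', 'g', 'i', 'n'};
    std::vector<std::uint8_t> lying = {0xFF, 0xFF, 'x'};
    std::string text;
    std::cout << (parse_event_safe(good, text) ? text : std::string("<rejected>")) << "\n";
    std::cout << (parse_event_safe(lying, text) ? text : std::string("<rejected>")) << "\n";
}
```

Running a build of the server under `valgrind --leak-check=full` is one way to confirm that paths like the early return in `parse_event_unsafe` no longer lose allocations after such a change.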