Failure States
As previously discussed, buffer overflows are one way in which an attacker can attempt to compromise application security; therefore, it is important that the developer examine the ways in which the application can fail and attempt to contain the damage. Well-coded applications have built-in recovery procedures, such as the following:
- Fail safe: If a failure is detected, the system is protected from compromise by termination of services or disabling of the system.
- Fail soft: A detected failure terminates the noncritical process or application while the system continues to function.
Applications that recover to a fail-open state allow an attacker to bypass security controls and easily compromise the system. Systems that fail open are typically undesirable because of the security risk.
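The three failure states above, shown as an added example that is not part of the original text: an authorization check whose policy store becomes unreachable. The fail-open variant treats the error as "allow", which is exactly the bypass the paragraph warns about; the fail-safe variant withholds the service instead; and the fail-soft service disables a noncritical analytics feature on failure while the critical, authorized path keeps working. The policy store, user names and the `backend_up`/`analytics_up` switches are constructed for this illustration.

```python
"""Added example: fail-open, fail-safe and fail-soft behaviour of an
authorization check when its backend fails. All names and the in-memory
policy store are constructed for this illustration."""
import logging

log = logging.getLogger("failure_states")


class PolicyError(Exception):
    """Raised when the policy store cannot answer (constructed failure)."""


# Constructed in-memory policy: user -> set of permitted actions.
POLICY = {"alice": {"read", "write"}, "bob": {"read"}}


def lookup(user, action, backend_up=True):
    """Ask the policy store; simulate an outage when backend_up is False."""
    if not backend_up:
        raise PolicyError("policy store unreachable")
    return action in POLICY.get(user, set())


def authorize_fail_open(user, action, backend_up=True):
    """Fail open (the undesirable state): an error in the check is treated
    as 'allow', so any outage of the policy store grants every request."""
    try:
        return lookup(user, action, backend_up)
    except PolicyError as exc:
        log.warning("policy lookup failed, allowing: %s", exc)
        return True


def authorize_fail_safe(user, action, backend_up=True):
    """Fail safe: on error the service is withheld (request denied), so a
    failure in the control cannot be used to bypass it."""
    try:
        return lookup(user, action, backend_up)
    except PolicyError as exc:
        log.error("policy lookup failed, denying: %s", exc)
        return False


class Service:
    """Fail soft: a noncritical feature (usage analytics) is terminated on
    failure while the critical, authorized request path keeps functioning."""

    def __init__(self):
        self.analytics_enabled = True
        self.events = []

    def record_analytics(self, event, analytics_up=True):
        if not self.analytics_enabled:
            return
        if not analytics_up:
            # Disable only the noncritical component; the rest continues.
            log.warning("analytics backend down; disabling analytics")
            self.analytics_enabled = False
            return
        self.events.append(event)

    def handle(self, user, action, backend_up=True, analytics_up=True):
        """Security-relevant decision uses the fail-safe check."""
        if not authorize_fail_safe(user, action, backend_up):
            return "denied"
        self.record_analytics((user, action), analytics_up)
        return "ok"


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    # With the policy store down, fail-open lets an unknown user write.
    print("fail-open:", authorize_fail_open("mallory", "write", backend_up=False))
    print("fail-safe:", authorize_fail_safe("mallory", "write", backend_up=False))
    svc = Service()
    print("fail-soft:", svc.handle("alice", "read", analytics_up=False),
          "analytics_enabled =", svc.analytics_enabled)
```

The point to check in a review is the `except` branch of every security decision: if it returns, defaults to, or falls through to the permissive value, the control fails open and an outage of a dependency becomes a bypass.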