GIAC Foundational Cybersecurity Technologies Practice Test

Prepare for the GIAC Foundational Cybersecurity Technologies Exam. Utilize flashcards and multiple-choice questions, each with detailed explanations. Enhance your skills and ensure success in your exam!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


Which mitigation technique places a value before the return pointer in the stack for buffer overflow protection?

  1. Canary

  2. Parameterized query

  3. Random session token

  4. Format String

The correct answer is: Canary

The technique that places a value before the return pointer in the stack for buffer overflow protection is known as a canary. A canary value acts as a guard or sentinel that helps detect whether a buffer overflow has occurred. In practice, a canary is a known value placed just before the return address in the stack frame. If the canary value is unchanged when the function returns, it indicates that no buffer overflow has overwritten the return pointer. If the canary value has been altered, it suggests that a buffer overflow has taken place, and this triggers a security response, such as aborting the program or raising an alert.

The canary technique is particularly effective against certain types of attacks that aim to manipulate the return address on the stack. Checking the integrity of the canary value before the function returns provides a robust way to enhance the security of the application against stack-based buffer overflow vulnerabilities.

The other options, while related to security practices, serve different purposes. For instance, parameterized queries prevent SQL injection attacks, random session tokens are used to enhance web session security, and format string vulnerabilities are a different type of issue that arises from improper handling of string inputs in functions. Each serves