Coursera - Software Security - Week 1
1. Three of the following are classic security properties:

• Confidentiality
• Integrity
• Availability

2. Morris Worm is the first Buffer Overflow Attack.
3. The stack is memory for storing Local Variables
4. Why is it that the compiler does not know the absolute address of a local variable?

• As a stack-allocated variable, it could have different addresses depending on who called the function

5. When does a buffer overflow occur?

• When a pointer is used to access memory not allocated to it 

6. How does a buffer overflow on the stack facilitate running attacker-injected code?

• By overwriting the return address to point to the location of that code

7. Nop Sled: It is a sequence of nops preceding injected shellcode, useful when the return address is unknown. The sequence nop instructs "sleds" the instruction pointer to the actual attacker code of interest
8. Exploitation of the Heartbleed bug permits a read outside bounds of a buffer.
9. Anti-virus scanners would not have found an exploitation of Heartbleed because
Anti-virus scanners tend to look for viruses and other malicious code, but Heartbleed exploits steal secrets without injecting any code
10. An integer overflow occurs when an integer is used to access a buffer outside of the buffer's bounds.