Preventing Vulnerability Exploits by Building Secure Software with RunSafe Code Protections
In this RunSafe Security Minute video, we create a side-by-side comparison to demonstrate the differences between traditional software builds without built-in protection and a software build that incorporates RunSafe code to safeguard against vulnerability exploits.
In the first scenario, we utilize a standard software development environment that operates in a CentOS 7 setting with compilers, GCC, Python tools, and more installed to emulate the creation of a GPS logger program. As part of the build, we expose common vulnerabilities like buffer overflow and information leaks to illustrate the potential opportunities for threat actors to attack.
For the scenario that leverages RunSafe Code, we start with a Docker file and install Alchemist and LFR (RunSafe Code) via an Artifactory repository – a simple install. Then, we execute the builds using LFR Helper Make. Even if your build script dates back 40 years, adding LFR Helper will enhance security effortlessly.
When running, take note of how the vulnerabilities are easily exploited on the unprotected version, leaking information and creating a file.
However, the same attempt on the RunSafe-protected version results in failure, which is signaled by a negative 11 return code, indicating a prevented seg fault. RunSafe Code uses patented Moving Target Defense (MTD) techniques to neutralize memory-related exploits.
The simple addition of RunSafe code during build time creates an alternative to manual code analysis and continuous patching. You can build secure software by deploying RunSafe Code with a straightforward package install and the addition of LFR Helper to your build commands. This protection extends across various Linux environments, including Alpine, Debian, Ubuntu, CentOS, Rocky Linux, and Red Hat, with seamless integrations into AOSP, OpenWRT, Yocto, Build Root, and Artifactory, enabling developers to build secure software.
Take action today to fortify your software effortlessly and prevent exploiting vulnerabilities with the addition of RunSafe code during build time.