  • Essay / Software Application Vulnerabilities and Controls

    Insecure coding practices used by application developers can lead to the creation of vulnerabilities in programs. This reality is at the heart of all software vulnerabilities. Until secure coding practices are implemented across the board in all organizations and businesses, these flaws will continue to perpetuate vulnerabilities for exploitation. Three of the most common and damaging attacks enabled by potential vulnerabilities are buffer overflows, including stack overflows and heap/BSS/data overflows, as well as format string attacks.

    Stack buffer overflows are very popular among hackers because they are among the easiest exploits to succeed with and they offer the best payout. The vulnerability allows an attacker to enter data beyond the boundary of a variable, allowing it to be written to adjacent locations in memory. Once this data is written, the attacker triggers a method to call this memory location and execute the code. The results can range from an application crash to remote code execution, which generates a shell returned to the attacker.

    There are many tools available to attackers that will allow them to exploit potential stack buffer overflow vulnerabilities in remote systems, but these are often fragmented across many platforms and require significant code overhaul to make them functional. Perhaps the best tool available on the Internet for centralizing the transmission of these exploits, and many others, is the Metasploit Framework. An example of this is the easyftp_list.rb exploit, which targets EasyFTP Server versions 1.7.0.11 and below. "EasyFTP fails to check the input size when parsing the 'path' parameter provided to an HTTP GET request, leading to a stack-based buffer overflow" (Metasplo......

    ...... middle of paper ......

    ......it simulated attackers with the application's source code. Although this goes deeper than what a real attacker would have access to, it provides a much more in-depth look at the code.

    Works Cited
    Abysssec Security Research (May 8, 2010). Retrieved March 8, 2011 from http://www.abyssec.com/blog/2010/05/past-present-future-of-windows-exploitation/

    Metasploit (August 17, 2010). Server <= 1.7.0.11 path list.html Stack buffer overflow. Retrieved March 14, 2010 from http://www.exploit-db.com/exploits/16771/

    McClure, S., Scambray, J., and Kurtz, G. (2009). Hacking Exposed 6: Network Security Secrets and Solutions.

    Wichers, Dave (October 16, 2010). OWASP Top 10 – 2010. //owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010.pdf
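
    The missing input-size check the essay describes for a 'path' parameter, shown beside its fix. This is an added example, not part of the original essay and not EasyFTP's code; the function names, the request-line format and the 64-byte buffer are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PATH_BUF 64   /* assumed buffer size, chosen for this example */

/* Find the path token in "GET <path> HTTP/1.0"; NULL if malformed. */
static const char *find_path(const char *req, size_t *len) {
    if (strncmp(req, "GET ", 4) != 0) return NULL;
    const char *start = req + 4;
    const char *end = strchr(start, ' ');
    if (end == NULL || end == start) return NULL;
    *len = (size_t)(end - start);
    return start;
}

/* VULNERABLE: the copy length is taken from the request and never compared
   with sizeof buf, so a long path overwrites adjacent stack memory. */
int handle_get_unchecked(const char *req, char *out, size_t outsz) {
    char buf[PATH_BUF];
    size_t len;
    const char *p = find_path(req, &len);
    if (p == NULL) return -1;
    memcpy(buf, p, len);                 /* missing bounds check */
    buf[len] = '\0';
    snprintf(out, outsz, "%s", buf);
    return 0;
}

/* HARDENED: reject oversize input before any byte is copied. */
int handle_get_checked(const char *req, char *out, size_t outsz) {
    char buf[PATH_BUF];
    size_t len;
    const char *p = find_path(req, &len);
    if (p == NULL) return -1;
    if (len >= sizeof buf) return -2;    /* refuse rather than truncate */
    memcpy(buf, p, len);
    buf[len] = '\0';
    snprintf(out, outsz, "%s", buf);
    return 0;
}

int main(void) {
    char req[256], out[128];   /* constructed request with a 201-byte path */
    memcpy(req, "GET /", 5);
    memset(req + 5, 'A', 200);
    memcpy(req + 205, " HTTP/1.0", 10);
    printf("checked handler returned %d\n", handle_get_checked(req, out, sizeof out));
    return 0;
}
```

    The hardened handler returns -2 for the oversize request; the unchecked handler is shown for contrast and should only ever be called with short input.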