An overview of common programming security vulnerabilities and possible solutions

by Yves Younan
Oct. 2, 2017 1 comment Infosecwriters Apps & Hardening

Programming security vulnerabilities are the most common cause of software security breaches in current day computing. While these can easily be avoided by an attentive programmer, many programs still contain these kinds of vulnerabilities. This document will describe what the most commonly occuring ones are and will then explain how these can be abused to make a program do something it did not intend to do. We will then take a look at how a recent vulnerability in popular piece of software was exploited to allow an attacker to take control of the execution flow of that program. Several solutions exist to detect and prevent many, though not all, of the vulnerabilities described in this document in existing programs without requiring source code modifications, and in some cases without even requiring access to the source code to the applications. We will take an indepth look at how these solutions are implemented and what their effects are on legitimate programs, how they attempt to ...

http://www.infosecwriters.com/Papers/YYounan_common_program_vul.pdf

Avatar
Irina Alexandra Negrii 7 months, 1 week ago

An effective approach to IT security must, by definition, be proactive and defensive. Toward that end, this post is aimed at sparking a security mindset, hopefully injecting the reader with a healthy dose of paranoia.

Reply