Software security

Software vulnerabilities

Common types of software flaws that lead to vulnerabilities include:

• Memory safety violations, such as:
  • Buffer overflows
  • Dangling pointers
• Input validation errors, such as:
  • Format string attacks
  • SQL injection
  • Code injection
  • E-mail injection
  • Directory traversal
  • Cross-site scripting in web applications
  • HTTP header injection
  • HTTP response splitting
• Race conditions, such as:
  • Time-of-check-to-time-of-use bugs
  • Symlink races
• Privilege-confusion bugs, such as:
  • Cross-site request forgery in web applications
  • Clickjacking
  • FTP bounce attack
• Privilege escalation
• User interface failures, such as:
  • Warning fatigue [2] or user conditioning.
  • Blaming the Victim Prompting a user to make a security decision without giving the user enough information to answer it [3]
  • Race Conditions [4] [5]

Some set of coding guidelines have been developed and a large number of static code analysers has been used to verify that the code follows the guidelines.

See also

• Browser security
• Computer emergency response team
• Information security
• Internet security
• Mobile security
• Vulnerability scanner