Security bug
See also: Vulnerability (computing)
A security bug or security defect is a software bug that can be exploited to gain unauthorized access or privileges on a computer system. Security bugs introduce security vulnerabilities by compromising one or more of:
- Authentication of users and other entities [1]
- Authorization of access rights and privileges [2]
- Data confidentiality
- Data integrity
Security bugs need not be identified, surfaced nor exploited to qualify as such.
Causes
Main article: Vulnerability (computing)
Security bugs, like all other software bugs, stem from root causes that can generally be traced to either absent or inadequate:
- Software developer training
- Use case analysis
- Software engineering methodology
- Quality assurance testing
- ...and other best practices
Taxonomy
Security bugs generally fall into a fairly small number of broad categories that include:
- Memory safety (e.g. buffer overflow and dangling pointer bugs)
- Race condition
- Secure input and output handling
- Faulty use of an API
- Improper use case handling
- Improper exception handling
- Resource leaks, often but not always due to improper exception handling
- Preprocessing input strings after they are checked for being acceptable.
Mitigation
See Software Security Assurance.
See also
- Computer security
- Hacking: The Art of Exploitation Second Edition
- IT risk
- Threat (computer)
- Vulnerability (computing)
References
- ↑ "CWE/SANS TOP 25 Most Dangerous Software Errors". SANS. Retrieved 13 July 2012.
- ↑ "CWE/SANS TOP 25 Most Dangerous Software Errors". SANS. Retrieved 13 July 2012.
This article is issued from Wikipedia - version of the Sunday, September 28, 2014. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.