
19 Deadly Sins Of Software Security

A wonderful book on application security that I recently read. Here are the 19 deadly sins that we end up committing quite frequently, listed in no particular order:

  1. Buffer Overrun: A problem in low-level languages such as C and C++. Its effects also show up in Sin 2, the format string problem. The result may be anything from a crash to the attacker gaining complete control of the application; if the application runs with root privileges, control of the entire OS, and of any other users who are currently logged on or will log on later, is in the hands of the attacker. This problem is complex, and even experienced coders fall prey to this sin.
  2. Format String Problem: This is a relatively recent kind of problem. It comes from trusting user-supplied input without validation. Exploiting it can allow an attacker to bypass stack protections and even modify very small portions of memory.
  3. Integer Overflow: Floating point errors. Exploiting this may sometimes result in a buffer overrun and arbitrary code execution.
  4. SQL Injection: A standard example of an all-too-common code defect that can lead to machine compromise and to the disclosure of sensitive data. This attack not only damages database data but may potentially lead to server and network compromise. For an attacker, database compromise is a stepping stone to more sophisticated attacks.
  5. Command Injection: User input typed into a particular text box of a form can be a shell command. Such a command can give the person far more access to data than was ever intended.
  6. Exception Handling Failure: Without proper exception handling, a program can end up in an insecure state. This may result in denial of service or a server crash.
  7. Cross-Site Scripting: XSS usually involves cookies falling into the hands of a malicious third party. Hence the term "cross site": the cookie is transferred from a client computer accessing a valid, but vulnerable, web server site to a site of the attacker.
  8. Failing to Protect Network Traffic: Failing to protect Wi-Fi, SMTP, IMAP and POP3 traffic.
  9. Magic URLs and Hidden Fields: Carrying user-name tokens in browser URLs, and hidden form fields carrying sensitive information that is not actually hidden.
  10. Improper Use of SSL & TLS: Configuring SSL incorrectly, or accepting revoked certificates, may lead to several headaches.
  11. Weak Password-Based Systems: Most applications accept weak passwords that are vulnerable to brute-force, dictionary or password-guessing attacks.
  12. Failing to Protect Data Securely: Failing to provide a secure way of transferring and storing sensitive data. In the era of cloud computing, where a third party provides the data storage, this plays an even more critical role (together with SLAs), since a lot of a company's private, sensitive information is being stored in a third-party data store and passed over the wire!
  13. Information Leakage: By accident and by intention.
  14. Improper File Access: This is extremely difficult to spot, even for code reviewers. Race conditions (time of check to time of use, TOCTOU) are associated with synchronization errors and may lead to exploitation of the most dangerous vulnerability of all: replacing sensitive files.
  15. Trusting Network Name Resolution.
  16. Race Condition: Invalid handling of multiple processes and threads, where two or more threads rely on a shared state to produce an output. This issue is much easier to find when a program is executed on a dual-core system than on a single core.
  17. Unauthenticated Key Exchange: Unauthenticated key exchange over SSL/TLS. The client should be given a valid certificate upon authentication, else deny.
  18. Cryptographically Strong Random Numbers: Strong random numbers should be generated for most operations to function properly. The hash-table collision issue can be resolved with strong random numbers!
  19. Poor Usability: Build secure software that is easy for the end user to use and more balanced in terms of functionality and security.
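Sins 4, 5 and 7 are all the same mistake, user input glued into another language's grammar (SQL, the shell, HTML), so they can be shown side by side. The following is an added example written for this post; it is not code from the book or from the post's author. The table, the probe strings and the `wc -l` command line are constructed for the demonstration, and a small Python child process stands in for the real tool in the command-injection part.

```python
import html
import shlex
import sqlite3
import subprocess
import sys


# ---- Sin 4: SQL injection ---------------------------------------------------

def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for a real user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "secret-a"), ("bob", "secret-b")])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # The input is concatenated into the statement, so it becomes part of the
    # SQL grammar: a quote in `name` ends the literal and the rest is parsed as SQL.
    sql = "SELECT name, secret FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    # Bound parameter: the driver passes the value separately from the statement,
    # so it can only ever be compared as data, never parsed as SQL.
    return conn.execute(
        "SELECT name, secret FROM users WHERE name = ?", (name,)).fetchall()


# ---- Sin 5: command injection -----------------------------------------------

def shell_tokens_vulnerable(filename: str) -> list:
    # Building one command string for the shell. Nothing is executed here; the
    # function returns how a POSIX shell would tokenise the string (shlex with
    # punctuation_chars mimics the shell's treatment of ';', '|', '&').
    command = "wc -l " + filename
    return list(shlex.shlex(command, punctuation_chars=True))


def echo_argument_safe(filename: str) -> str:
    # Argument vector and no shell: the whole string travels as ONE argv entry.
    # A tiny Python child process stands in for the real tool.
    proc = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1])", filename],
        capture_output=True, text=True, check=True)
    return proc.stdout.rstrip("\n")


# ---- Sin 7: cross-site scripting --------------------------------------------

PAGE = '<p>Hello, <span title="{name}">{name}</span></p>'


def render_vulnerable(name: str) -> str:
    # Raw interpolation: markup inside `name` reaches the browser as markup.
    return PAGE.format(name=name)


def render_safe(name: str) -> str:
    # Escape for both the text and the quoted-attribute context first.
    return PAGE.format(name=html.escape(name, quote=True))


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"
    print(lookup_vulnerable(db, probe))   # every row comes back
    print(lookup_safe(db, probe))         # nothing: no user has that literal name
    print(shell_tokens_vulnerable("report.txt; id"))
    print(echo_argument_safe("report.txt; id"))
    print(render_vulnerable("<script>"))
    print(render_safe("<script>"))
```

The common fix in all three cases is the same: never let the input take part in the grammar. Bind it as a parameter, pass it as a separate argv entry, or escape it for the exact context it lands in.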
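Sins 9, 11 and 18 come down to what the server may trust: a hidden field or URL token is only trustworthy if the server can verify it, a password only if it is strong and stored hashed, and a token only if it was drawn from an unpredictable source. This added example, written for this post and not taken from the book, shows one way to handle each; the server key, the common-password list and the PBKDF2 iteration count are constructed values.

```python
import base64
import hashlib
import hmac
import json
import random
import secrets

# Constructed server-side key; a real deployment loads it from protected
# configuration. It never travels in a URL, cookie or hidden field.
SERVER_KEY = secrets.token_bytes(32)


# ---- Sin 9: magic URLs and hidden fields -----------------------------------

def sign_field(payload: dict, key: bytes = SERVER_KEY) -> str:
    # Canonical JSON -> base64 body, plus an HMAC-SHA256 over exactly that body.
    # The client can read the value, but cannot change it without the key.
    body = base64.urlsafe_b64encode(
        json.dumps(payload, sort_keys=True).encode()).decode()
    mac = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + mac


def verify_field(token: str, key: bytes = SERVER_KEY):
    # Returns the payload only if the MAC matches; None for anything tampered.
    body, sep, mac = token.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):     # constant-time comparison
        return None
    return json.loads(base64.urlsafe_b64decode(body))


def edited_field(token: str, **changes) -> str:
    # What a browser-side edit of a "hidden" field looks like: new body, old MAC.
    # Used below to show that verify_field() rejects it.
    body, _, mac = token.rpartition(".")
    payload = json.loads(base64.urlsafe_b64decode(body))
    payload.update(changes)
    new_body = base64.urlsafe_b64encode(
        json.dumps(payload, sort_keys=True).encode()).decode()
    return new_body + "." + mac


# ---- Sin 11: weak password-based systems ------------------------------------

# Constructed stand-in for a real list of common / breached passwords.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}
PBKDF2_ROUNDS = 200_000


def password_is_acceptable(password: str, min_length: int = 12) -> bool:
    if len(password) < min_length:
        return False
    return password.lower() not in COMMON_PASSWORDS


def hash_password(password: str, salt: bytes = None) -> str:
    # Salted, iterated PBKDF2-HMAC-SHA256; store this string, never the password.
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt.hex() + "$" + digest.hex()


def check_password(password: str, stored: str) -> bool:
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate.hex(), digest_hex)


# ---- Sin 18: cryptographically strong random numbers ------------------------

def session_token_weak(seed: int) -> str:
    # random.Random is a deterministic PRNG: same seed, same "token".
    return "%032x" % random.Random(seed).getrandbits(128)


def session_token_strong() -> str:
    # secrets draws from the OS CSPRNG: no seed, no reproducibility.
    return secrets.token_hex(16)


if __name__ == "__main__":
    field = sign_field({"item": 42, "price": 100})
    print(verify_field(field))                         # {'item': 42, 'price': 100}
    print(verify_field(edited_field(field, price=1)))  # None
    print(password_is_acceptable("password"), password_is_acceptable("correct horse battery"))
    print(session_token_weak(7) == session_token_weak(7), session_token_strong())
```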
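Sins 14 and 16 overlap in the TOCTOU case: the program checks a file name, and then opens the same name again, and the two lookups need not land on the same object. The following added example (written for this post, not from the book) makes the race deterministic with a hook that runs in the window between check and use, and shows the open-then-inspect pattern that closes it. It assumes a POSIX system, since it relies on `O_NOFOLLOW` and symbolic links; the file names and contents are constructed in a temporary directory.

```python
import os
import stat
import tempfile


def read_check_then_use(path: str, between=None) -> bytes:
    # Vulnerable pattern: the NAME is checked, then the NAME is opened again.
    # `between` stands in for whatever happens in the window between the two.
    if os.path.islink(path):
        raise PermissionError("refusing to follow a symbolic link")
    if between is not None:
        between()                      # the window an attacker races against
    with open(path, "rb") as f:        # a second, independent name lookup
        return f.read()


def read_open_then_check(path: str) -> bytes:
    # Safer pattern: open exactly once without following links, then inspect the
    # descriptor actually held instead of the name.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        chunks = []
        while True:
            chunk = os.read(fd, 65536)
            if not chunk:
                return b"".join(chunks)
            chunks.append(chunk)
    finally:
        os.close(fd)


def demo() -> dict:
    # Constructed scenario: a public file the program may read and a secret
    # file it must not expose, both in a throw-away directory.
    with tempfile.TemporaryDirectory() as d:
        public = os.path.join(d, "public.txt")
        secret = os.path.join(d, "secret.txt")
        with open(public, "wb") as f:
            f.write(b"hello")
        with open(secret, "wb") as f:
            f.write(b"top secret")

        def swap_in_symlink():
            # Replaces the public name with a link to the secret, after the check.
            os.remove(public)
            os.symlink(secret, public)

        leaked = read_check_then_use(public, between=swap_in_symlink)

        # The public name is now a symlink; the safer reader refuses it.
        try:
            read_open_then_check(public)
            refused = False
        except OSError:                # ELOOP from O_NOFOLLOW on Linux
            refused = True

        return {"leaked": leaked,
                "refused_symlink": refused,
                "regular_ok": read_open_then_check(secret)}


if __name__ == "__main__":
    print(demo())
```

The point of `read_open_then_check` is that every decision is made about the object behind the descriptor (`fstat`), so there is no second name lookup for anyone to redirect. Real code usually adds an ownership or mode check on `st` as well, depending on what the file is for.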
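Sin 3 is listed as leading to a buffer overrun, and the mechanism is easy to miss: a size computed with fixed-width arithmetic wraps around, the allocation is tiny, and the later writes run past it. This added example (written for this post, not from the book) mimics a 32-bit unsigned multiply in Python, where the overrun surfaces as an `IndexError` instead of silent memory corruption; the element count and size are constructed values.

```python
MASK32 = 0xFFFFFFFF   # what a 32-bit unsigned multiply keeps


def buffer_size_unchecked(count: int, elem_size: int) -> int:
    # Mimics `uint32_t n = count * elem_size;` in C: the product wraps modulo
    # 2**32, so a huge element count can produce a tiny allocation.
    return (count * elem_size) & MASK32


def buffer_size_checked(count: int, elem_size: int) -> int:
    # Test for overflow BEFORE multiplying (the C idiom is to compare against
    # SIZE_MAX / elem_size) and refuse instead of wrapping.
    if count < 0 or elem_size <= 0:
        raise ValueError("invalid sizes")
    if count > MASK32 // elem_size:
        raise OverflowError("count * elem_size does not fit in 32 bits")
    return count * elem_size


def fill_buffer(count: int, elem_size: int, checked: bool) -> int:
    # Allocate according to the computed size, then write `count` elements.
    # Python raises IndexError where C would silently write past the buffer.
    size_fn = buffer_size_checked if checked else buffer_size_unchecked
    buf = bytearray(size_fn(count, elem_size))
    written = 0
    for i in range(count):
        for b in range(elem_size):
            buf[i * elem_size + b] = 0x41   # IndexError here == the overrun in C
            written += 1
    return written


def demo() -> dict:
    # Constructed inputs: 2**30 + 1 elements of 4 bytes, whose true size is
    # 2**32 + 4 and whose wrapped size is 4.
    count, elem = 0x40000001, 4
    result = {"unchecked_size": buffer_size_unchecked(count, elem),
              "sane_case": fill_buffer(3, 4, checked=True)}
    try:
        fill_buffer(count, elem, checked=False)
        result["unchecked"] = "completed"
    except IndexError:
        result["unchecked"] = "overrun"
    try:
        fill_buffer(count, elem, checked=True)
        result["checked"] = "completed"
    except OverflowError:
        result["checked"] = "rejected"
    return result


if __name__ == "__main__":
    print(demo())
```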

For a few of the sins an explanation isn't provided; I would recommend everyone to go through this book from McGraw-Hill publications! Great book, happy reading.

Feel free to leave a comment on this post.
