Security bug
From Wikipedia, the free encyclopedia
(Redirected from Security bugs)
 |
This article does not cite any references or sources. (February 2008) |
See also: Vulnerability (computing)
A security bug or security defect is a software bug that benefits someone other than intended beneficiaries in the intended ways.
Security bugs introduce security vulnerabilities by compromising one or more of:
- Authentication of users and other entities [1]
- Authorization of access rights and privileges [2]
- Data confidentiality
- Data integrity
Security bugs need not be identified, surfaced nor exploited to qualify as such.
Contents |
Causes [edit]
Main article: Vulnerability (computing)
Security bugs, like all other software bugs, stem from root causes that can generally be traced to either absent or inadequate:
- Software developer training
- Use case analysis
- Software engineering methodology
- Quality assurance testing
- ...and other best practices
Taxonomy [edit]
Security bugs generally fall into a fairly small number of broad categories that include:
- Memory safety (e.g. buffer overflow and dangling pointer bugs)
- Race condition
- Secure input and output handling
- Faulty use of an API
- Improper use case handling
- Improper exception handling
- Preprocessing input strings after they are checked for being acceptable.
Mitigation [edit]
See Software Security Assurance.
See also [edit]
- Computer security
- Hacking: The Art of Exploitation Second Edition
- IT risk
- Threat (computer)
- Vulnerability (computing)
References [edit]
- ^ "CWE/SANS TOP 25 Most Dangerous Software Errors". SANS. Retrieved 13 July 2012.
- ^ "CWE/SANS TOP 25 Most Dangerous Software Errors". SANS. Retrieved 13 July 2012.
