Security bug
A security bug or security defect is a software bug that can be exploited to gain unauthorized access or privileges on a computer system. Security bugs introduce security vulnerabilities by compromising one or more of:
* Authentication of users and other entities
* Authorization of access rights and privileges
Causes
Security bugs, like all other software bugs, stem from root causes that can generally be traced to absent or inadequate:
* Software developer training
* Use case analysis
* Software engineering methodology
* Quality assurance testing
* and other best practices
Taxonomy
Security bugs generally fall into a fairly small number of broad categories that include:
* Memory safety (e.g. buffer overflow and dangling pointer bugs)
* Race condition
* Secure input and output handling
* Faulty use of an API
* Improper use case handling
* Improper exception handling
* Resource leaks, often but not always due to improper exception handling
* Preprocessing input strings before they are checked for being acceptable
Mitigation
See software security assurance.