Re: What are the basic vulnerabilities of a software?
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Tue, 01 Jun 2010 09:42:44 +1200
rajendra prasad wrote:
> I am preparing a list of main and basic vulnerabilities in software. Please
> let me know if you know other than the below list.

Why yes, I do...

> List of Basic Vulnerabilities:
> 1. Buffer Overflow: Stack, Heap.
> 2. Format String Vulnerabilities
> 3. SQL Injections
> 4. XSS Vulnerabilities

Cheating on a homework assignment?

Arguably only one of the above is a basic vulnerability (and even that
is probably debatable) -- the other three are just examples of one or
other basic types (and two of them are probably examples of the same
basic type). Try to get hold of the RISOS Project report(s) or sources
that summarize that work. Any good, basic CompSec textbook should
cover this stuff, BUT there is more than one widely referenced
comprehensive categorization of basic security errors, so you should
probably check around a bit...
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/