Security bug

A security bug or security defect is a software bug that can be exploited to gain unauthorized access or privileges on a computer system. Security bugs introduce security vulnerabilities by compromising one or more of: Authentication of users and other entities Authorization of access rights and privileges Data confidentiality Data integrity Security bugs do not need be identified nor exploited to be qualified as such and are assumed to be much more common than known vulnerabilities in almost any system. Vulnerability (computing) Security bugs, like all other software bugs, stem from root causes that can generally be traced to either absent or inadequate: Software developer training Use case analysis Software engineering methodology Quality assurance testing and other best practices Security bugs generally fall into a fairly small number of broad categories that include: Memory safety (e.g. buffer overflow and dangling pointer bugs) Race condition Secure input and output handling Faulty use of an API Improper use case handling Improper exception handling Resource leaks, often but not always due to improper exception handling Preprocessing input strings before they are checked for being acceptable See software security assurance.

À propos de ce résultat

Cette page est générée automatiquement et peut contenir des informations qui ne sont pas correctes, complètes, à jour ou pertinentes par rapport à votre recherche. Il en va de même pour toutes les autres pages de ce site. Veillez à vérifier les informations auprès des sources officielles de l'EPFL.

Publications associées (1)

Concepts associés (7)

Cours associés (5)

Séances de cours associées (15)

Secure and Privacy-Enhancing Vehicular Communication Demonstration of Implementation and Operation

Panagiotis Papadimitratos, Petra Ardelean

With a number of projects developing vehicular communication systems, there is rising awareness on threats and the need to introduce security and privacy-enhancing mechanisms. With recent results, in principle in agreement across different major projects, there has been little work on implementation and demonstration of security and privacy-enhancing mechanisms. The contribution of this work is exactly in this direction: we present a demonstration of our system, comprising a range of mechanisms, developed to secure vehicular communications (VC) and enhance the location privacy of the users of VC systems.

Ieee Service Center, 445 Hoes Lane, Po Box 1331, Piscataway, Nj 08855-1331 Usa2008

Threat (computer)

In computer security, a threat is a potential negative action or event facilitated by a vulnerability that results in an unwanted impact to a computer system or application. A threat can be either a negative "intentional" event (i.e. hacking: an individual cracker or a criminal organization) or an "accidental" negative event (e.g. the possibility of a computer malfunctioning, or the possibility of a natural disaster event such as an earthquake, a fire, or a tornado) or otherwise a circumstance, capability, action, or event.

Security bug

Exploit (informatique)

Un exploit ou code d'exploitation est, dans le domaine de la sécurité informatique, un élément de programme permettant à un individu ou à un logiciel malveillant d'exploiter une faille de sécurité informatique dans un système informatique. Que ce soit à distance (remote exploit) ou sur la machine sur laquelle cet exploit est exécuté (local exploit), le but de cette manœuvre est de s'emparer des ressources d'un ordinateur ou d'un réseau, d'accroître le privilège d'un logiciel ou d'un utilisateur sur la machine-cible, ou encore d'effectuer une attaque par déni de service.

CS-412: Software security

This course focuses on software security fundamentals, secure coding guidelines and principles, and advanced software security concepts. Students learn to assess and understand threats, learn how to d

MGT-493: Information security & digital trust

Technology and information play a crucial role in today's societies and economies. The security and privacy aspects of information technologies are paramount to build digital trust. In this course, we

CS-510: Topics in software security

Memory corruption and type safety flaws dominate the threat landscape. We will approach current research from three dimensions: sanitization (finding flaws through runtime monitors); fuzzing (testing

Explore zéro jour de vulnérabilité, le piratage éthique, les cyberattaques et les stratégies de défense contre les cybermenaces.

Couvre les approches de test de sécurité logicielle et les mesures de couverture.

Explore l'utilisation de désinfectants dans les tests de sécurité logicielle pour détecter les bogues tôt et améliorer l'efficacité des tests.