Home > Computers & Technology > Software > Software (Other)
About software vulnerabilities
by Rachelle Reese
Created on: November 02, 2007
A software vulnerability is a programming error that allows an attacker to gain unauthorized access. The way an attacker uses a software vulnerability is known as an exploit. Some vulnerabilities are easy to exploit. Others require knowledge about how computers process instructions. Sometimes an attacker will create a script or a set of instructions about how to exploit a vulnerability. When this information becomes widely known, less experienced attackers can exploit the vulnerability. These less experienced attackers are called script kiddies.
The most common cause of a software vulnerability is lack of data validation. All data that is input to a program should be validated to ensure that it does not contain code that performs a malicious task.
A common vulnerability is one that allows a command-line injection attack. In a command-line injection attack, an attacker identifies an input vector that allows operating system commands to run. An input vector includes a place in the program where input is required and not validated, as well as the way the input must be formed to exploit the code. After the attacker identifies the input vector, he constructs the payload. The payload is the command that does damage. In the case of a command-line vulnerability, that damage might be viewing a confidential file, downloading a confidential file, or even formatting the computer's hard disk, thus destroying all data.
Another common exploit is the SQL injection attack. A SQL injection attack is similar to a command-line injection attack, except that it uses a dynamically constructed SQL query to cause the database management system to execute malicious code.
Both of these exploits can be prevented if programmers validate all input that might be able to gain access to either the operating system shell or a database management system. However, input validation is not easy. There are two ways to validate input. The best way is to verify that all input meets specifications. For example, it must be within a specific length, include only a certain range of characters, and not contain any code. Another way is to check the input for malformed input used in known attack patterns, such as the apostrophe, which is used to make a database server ignore any characters that follow it. Relying solely on checking for known attack patterns is dangerous because new exploits are crafted all the time. The challenge for a software developer is to think like an attacker. Identify the places in the code that present the highest risk, then line up your defenses to protect them. Validate all data that flows into those parts of the code. Set strict requirements on acceptable input. Trust no one who can enter through those defenses. Even a seemingly innocent user can carry a fatal payload.
Learn more about this author, Rachelle Reese.
Click here to send this author comments or questions.
Below are the top articles rated and ranked by Helium members on:
About software vulnerabilities
-
by Leigh Goessl
You've probably seen it plastered on the news and all over the Internet at one time or another, a software vendor has a
-
A software vulnerability is a programming error that allows an attacker to gain unauthorized access. The way an attacker
-
Here I have tried to discuss the reasons of such programming that may cause problem in a computer system. I have often thought
-
by Mark Ollig
Ninth grade prank 25 years ago made history
In 1982 the Apple II personal computer was being used in many classrooms across
Email this article
Print articleHelium Debate
Cast your vote!
Is Microsoft Office Professional a better software suite than OpenOffice?
Click for your side.
- New nuclear reactors set to be approved for Georgia
- Research: Spoon-feeding makes babies fatter
- The differences between eligibility for SSDI and SSI
- Chrome browser launched on Android phones
- What the new FAA law means to air passengers
- Why your networking may not be delivering results
- How to drive in snowy weather
- Who will take over as England football manager?
- The chemistry of chocolate
- Recipes: Valentine's Day desserts
- The pitfalls of becoming famous
- Tips for writing an old fashioned love letter
- How to host a Mardi Gras party
- Tips for running when you're unfit
- How to reset a check engine light
- Can you see the moon using Google Earth
- Why did Google change their logo to Topeka
- Should cell phone use be banned while driving?
- Why Mac is better than PC
- Pros and cons of the Internet in today’s society
- How to install Linux on an Intel Mac with Boot Camp
- How to make a photo look old in Photoshop
- The negative effects of Facebook
- How to know if your computer has been hacked
- Phone comparisons: Sprint HTC EVO 4G vs. Verizon Nexus One
- How to use Paypal without a credit card
- Tips for knowing when the CMOS battery is getting weak
- Comparing MacBook Air with MacBook Pro
- How to cancel an AOL account
- What are the differences between LAN and WAN
- iPod Touch not recognized in iTunes for Windows: How to fix it
- How to transfer money between your bank account and PayPal
- Great text-message jokes
- Disadvantages of Facebook
- Scan my computer online for viruses
- How to connect your MP3 player to your car stereo
- How to connect one computer to another
- Effects of computers and the Internet on society
- How to block private calls on your cell phone
- Apple iPad vs Google ‘iPad killer’ tablet
- How to convert iDoser DRG files to WAV and MP3
- Negative effects of the Internet
- How to compress files with WinRAR
- Top free android apps for the myTouch 3G
- What to do if your iPod freezes
- What does the collate feature do on a printer or copy machine
- How to determine what kind of Internet connection you have
- How to clean up a computer’s hard drive
- Guide to the cheapest cell phone service plans in the U.S.
- The top free apps for the Droid
- iPhone app reviews: Tap Fish
- Is buying discounted cigarettes online legal in the U.S.?
- How to erase songs from your iPod
- How to get free videos for your iPod
- Choosing between HD and SD camcorders
- How to find out what’s running on your PC
- How to delete cookies from your computer
- How to remove a hard drive
- How to download music on an iPod Touch
- Best 2D animation programs
- How to change bit rates in iTunes
- Things that may slow down your computer
- The negative effects of technology on kids
- How to get the best deal on a Verizon Nexus One
- Best laptops for high school students
- Website reviews: Weebly.com
- Best brand laptop to buy
- Negative impact of technology growing too fast
- Comparing integrated and dedicated graphics cards
- How to connect two home computers to the same printer
- Energizer vs. Duracell batteries
- Common problems with Google’s Nexus One phone
- How illegal music downloaders get caught
- How to put videos on your iPod classic
- The difference between object-oriented programming (OOP) and procedure-oriented programming
- The best way to play an IPod through your car stereo
- Best online stores with ‘buy now pay later’ options
- How to change your name on Facebook
- How to get more space on your computer
- Digital camera reviews: Panasonic Lumix DMC-TZ65
- The negative side of Facebook
- What to do if your computer gets hacked
- The pros and cons of Wikipedia
- How the computer has changed through the years
- How to install downloaded fonts and Photoshop brushes
- How to view system information in Windows XP
- Pros and cons of using Microsoft PowerPoint presentations
- Fastest of the three internet browsers
- How to send SMS from the internet to a cell phone
- How to sell your old computer
- The pros and cons of open source software
- What type of wood should you use to make a subwoofer box?
- Internet connection by a USB modem
- The pros and cons of advancing technology
- Imagining a world without computers
- How to transfer songs from iTunes to your iPod
- How computers benefit society
- Functions of a Database Management System
- How to enable NVIDIA SLI
- Google Earth V5: A review of new features
- How to find old classmates in Facebook
- Pros and cons of MySpace and Facebook
- Microsoft Outlook tips: How to import your Hotmail messages
- Why dual-core is faster than single-core processors
- Comparing Matlab and Mathematica
- The difference between Google and Yahoo search results
- Censorship and the Internet
- Internet service reviews: DISH Network
- The differences between an Amazon Kindle and a Nook
- How to take quality pictures on a cell phone camera
- The pros and cons of cellphones
- How to set up voice mail on a Droid phone
- The advantages of the Internet
- Transferring iTunes songs to another computer
- AlertPay vs. PayPal
- How to use Google Earth
- Tips to diagnose and fix a slow running computer
- How to change your home page in Firefox
- How to create a hyperlink in an email
- Social effects of Internet communication
- The importance of computer technology in industry
- Do headphones damage your hearing?
- How to choose the best center channel for your home theater system
- How to send an event invitation on Facebook
- Microsoft Word tips: How to check the readability of your writing
- How to fix a ‘network cable unplugged’ error
- How to remove a forgotten Windows XP password
- How to clear your Dropbox cache
- Hottest programming language trends among developers
- iPhone app reviews: Words with Friends Free
- Facts about iPods
- The future of modernization in the United States
- Kindle’s biggest competitors
- Essential software everyone should have on their laptop
- How to change the display settings in Windows XP
- How to fix IP address problems
- How to use a micro sd card
- What to do if your computer is running slow
- Product reviews: Logitech M305 wireless mouse
- At what age do you give a child a cell-phone?
- Car audio: How to build a subwoofer enclosure
- Best MP3 players for kids
- How to create a transparent gradient in Adobe Illustrator
- How to remove Bing toolbar
- Buying a desktop or laptop: Pros and cons
- How to remove scratches from your iPod
- Improving your cell phone’s call quality
- Top 10 reasons cell phones have become essential for modern living
- Advantages and disadvantages of mp3 technology
- How the Internet changed the world
- Technology is making us lazy
- Using a LCD monitor as a TV
- How to transfer pictures from your cell phone to your computer
- How to tell how much free hard-drive space is left on a computer
- What is 2D animation?
- iPhone app reviews: Google Earth
- How to increase digital TV signal strength
- How to change your WiFi channel number
- How to make brochures in Microsoft Word
- Effects of technology in today’s business world
- How to install the Windows Vista sidebar and gadgets in Windows XP
- Why computer games are not a waste of time
- The meaning of domain name extensions
- How to airbrush a photo in Photoshop
- Best computer for students: Mac or PC?
- The top 10 apps to get you started on the Verizon Droid
- Ways to get creative with your Facebook religious views
- Best websites for free Easter desktop wallpaper
- Tips for using Facebook block or limited profile check
- Pros and cons of Skype
- Tips on using the Droid Multimedia Station
- The best pen pal sites
- How to fix a cell phone after it gets wet
- The positive effects of technology on kids
- How to connect a DVD recorder to a satellite receiver
- Photoshop CS4 tutorial: How to create a silhouette
- Software reviews: Kindle for Mac
- How to adjust the virtual memory paging file in Windows XP
- The differences between the Panasonic and Samsung 3D TVs
- Internet service reviews: Direct TV Internet
- The best apps for customizing a Droid phone
- Does technology help us save time or waste time?
- The negative side of the Internet
- How to factory reset a Samsung Galaxy S2
- Names you can’t have on Facebook
- Best websites to watch free streaming TV shows online
- Do cell phones keep us more connected or more isolated?
- Should social networking sites be regulated?
- iPhone app reviews: Talking Tom Cat
- Best cell phone providers in Alaska
- iPhone app reviews: Me Want Bamboo
- Will computers replace books in the future?
- What is Google Wave?
- Best websites for printable crossword and jumble word puzzles
- How to remove a jammed Ethernet cable safely
- Advantages of Facebook
- Are computers necessary in today’s society?
- How to make triangle shapes using GIMP software
- Best digital cameras for teens
- How to use cc and bcc effectively when sending emails
- Best private channels for the Roku Digital video player
- How to find the IP address of a Ricoh copier
- Best crafts to sell on Etsy
- Do cell phone signal boosters really work?
- Explaining the diameter of a CD
- How YouTube works: The technical aspects
- How hackers can steal money from your bank account
- How to hide computer files that you don’t want people to see
- The downside of card-holder services
- How technology has affected tourism
- Evaluating the environmental impact of e-waste
- How to make a spinning globe using GIMP software
- How to fix Zune error 5
- How to install a GPS navigation device in your car
- Cardholder services scam: What consumers need to know
- How to set up a Sapido wireless router
- How has GPS changed our lives?
- Japan vs. US: Who is better in the field of technology
- How to use a BlackBerry Curve as a USB modem
- How to create Dish Network favorites lists
- How to sync your Google Calendar with the Droid phone
- How technology has affected the food industry
- Virgin MiFi offers low cost, unlimited Internet, 3G hot spot
- Battery saving tips for the Samsung Galaxy S2
- Best computer for writers: Mac or PC?
- Zombie cookies: What zombie cookies are and how to delete them
- How to factory reset your HTC EVO
- How to check your Internet signal strength
- Haypi Kingdom: City wall strategies
- How to check reliability of information on the Internet
- Why are cell phones so popular?
- Most addicting games on Facebook
- Best free apps for the Sony Dash
- Why use VB.Net?
- iPhone app reviews: Stickwars Lite
- How to import browser settings in Safari
- The facts about cell phone addiction
- Product reviews: Jazz DV151 pocket camcorder
- Best websites to download free eBooks online
- Is text messaging causing the destruction of the English language?
- Top 10 cloud computing service providers
- Changing the font size on a Nook
- Negative sides of social networking
- Headphone reviews: Philips SHC2000 wireless
- How to factory reset a Sony Ericsson C902
- Comparing link state algorithm with distance vector algorithm
- How social networking has changed the nature of friends and friendships
- Nintendo executive says Nintendo 3DS is unfit for children
- Why Livedrive is better than DropBox
- Why text messaging is so popular, even though it’s impersonal
- How to find the MAC address of a Ricoh Aficio MP series copier
- iPhone 4 death grip: How to get better iPhone 4 reception
- The role of information technology in our industries
- How to normalize your database tables
- Website reviews: Ikariam.org
- How to become immortal: Upload your mind
- The best free eBook reader apps for Android
- Assessing the effect of new technologies on our lifestyle
- The key differences between HTML and XHTML
- Why IP addresses are important for computer networking
- How to make ornament ball images using GIMP software
- How to ink in GIMP without a tablet
- Tips and tricks for using the Samsung Galaxy S2
- Factors that influence website performance
- How to convert a word document into PDF
- The different modes of Doodle Jump for the iPhone
- How Apple and the iPod have changed the music industry
- How to create a LAN network in a cyber cafe
- How to connect speakers to both a DVD player and a TV
- How to use your iPhone abroad and avoid unwanted roaming charges
- Why HTML is important
- USB vs. serial keyboards: Which is better?
- How to make a cube shape using GIMP software
- How to delete an album in IPhoto but not in Facebook
- The best astrology apps for iPad
- How to do a screen capture with a Samsung Galaxy S2
- How to find out what is running during computer startup
- The profile of a typical hacker
- Why hackers hack
- How to add songs to iPod without deleting old ones
- How to create an image by tracing with GIMP
- How to create a switchboard in Microsoft Access
- Internet browsers: How to block keyword pop-up ads
- The difference between TCP and UDP in trasferring data
- iPhone app reviews: Angry Birds
- Is technology making us lazy?
- Advantages of the Internet
- Which computer is best for the music-minded: Mac or PC?
- How to use SD card with Macbook Pro
- Do lithium batteries really last that much longer than alkaline?
- The basic concepts of VB.Net
- Potential problems with robots
- How to set up a live webcam
- The birth of YouTube: How it started out
- iPhone app reviews: Crime City
- How to set reminders on an iPhone 4
- Best iPad apps for teachers
- Appropriate vs. inappropriate uses for text messaging
- The differences between towers, mini-towers and desktop computers
- The history of the Internet in the Philippines
- Cell phone accessory reviews: Plantronics Explorer 245 Bluetooth Headset
- Pros and cons of technology for children
- Android app reviews: Teeter
- How to use Spotify.com to organise a music playlist
- Geeky tech gadgets that make great stocking stuffers
- How safe are webcam sites?
- How to turn chat off on Facebook
- How has social networking improved people’s relationships with family and friends?
- How technology has affected education
- What is near field communication (NFC) technology?
- Tips for buying a webcam
- How to use the Android Froyo light sensor
- Where to find eMachine replacement parts online
- Where to get free PDF books
- Google Android 2.2 release date and specs
Write and get published
Share with other writers
Polish your freelancing skills
Quality articles from proven freelancers
Exclusive rights, fast turnaround
Brand engagement, business blogging -- our writers do it all
INFORMATION
Copyright © 2002-2012 Helium, Inc. All rights reserved.