CISSP Training Kit by David R. Miller

Attacks on applications

Many of the vulnerabilities inherent in the enterprise are born in the less-than-secure coding of applications. Several of the primary reasons software is inherently insecure are:

  • Lack of validating and filtering data input

  • Failure to release memory securely

  • Residual maintenance hooks

  • Unintended (covert) communications channels

  • Race conditions

Further, software such as viruses, worms, Trojan horse applications, backdoors, rootkits, and exploit code is used to commit attacks on systems.

Lack of validating and filtering data input

The buffer overflow attack and the SQL injection attack are two of the most prevalent attacks on software. These could both be reduced to a very low frequency, if not completely eliminated as vulnerabilities, ...
