Attacks on applications
Many of the vulnerabilities inherent in the enterprise are born of less-than-secure coding of applications. Several of the primary reasons software is inherently insecure are:
Lack of validating and filtering data input
Failure to release memory securely
Residual maintenance hooks
Unintended (covert) communications channels
Race conditions
Further, software such as viruses, worms, Trojan horse applications, backdoors, rootkits, and exploit code is used to commit attacks on systems.
Lack of validating and filtering data input
The buffer overflow attack and the SQL injection attack are two of the most prevalent attacks on software. These could both be reduced to a very low frequency, if not completely eliminated as vulnerabilities, ...