love~ruby+rails

Software Security Errors


This site presents a taxonomy of software security errors developed by the Fortify Software Security Research Group together with Dr. Gary McGraw. Each vulnerability category is accompanied by a detailed description of the issue with references to original sources, and code excerpts, where applicable, to better illustrate the problem.

The organization of the classification scheme is described using terminology borrowed from biology: individual vulnerability categories are referred to as phyla, while collections of vulnerability categories that share a common theme are referred to as kingdoms. The vulnerability phyla are classified into "seven plus one" pernicious kingdoms, presented here in order of importance to software security:

  1. Input Validation and Representation
  2. API Abuse
  3. Security Features
  4. Time and State
  5. Errors
  6. Code Quality
  7. Encapsulation
  *. Environment

The first seven kingdoms are associated with security defects in source code, while the last one describes security issues outside the actual code. To browse the kingdom and phylum descriptions, simply navigate the taxonomy tree on the left.

The primary goal of defining this taxonomy is to organize sets of security rules that can be used to help software developers understand the kinds of errors that have an impact on security. By better understanding how systems fail, developers will better analyze the systems they create, more readily identify and address security problems when they see them, and generally avoid repeating the same mistakes in the future.

When put to work in an analysis tool, a set of security rules organized according to this taxonomy is a powerful teaching mechanism. Because developers today are by and large unaware of the myriad ways they can introduce security problems into their work, making a taxonomy like this available should provide tangible benefits to the software security community.

Defining a better classification scheme can also lead to better tools: a better understanding of the problems will help researchers and practitioners create better methods for ferreting them out.

To read more about the taxonomy, please see Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors.


