Assignment on Software Vulnerability

Software vulnerabilities, especially vulnerabilities in code, are a major security problem today. Not all bugs or flaws in software become security vulnerabilities, but some of them do. An attacker can exploit these vulnerabilities to cause major disruption to a business. An exploit can result in a variety of damage, including crashing a system, taking on the role of a superuser, deleting information in a file or an entire file, changing critical content in a database or a file, stealing valuable proprietary information, planting malware, and turning a system into a bot to launch attacks on other systems.

Common software code vulnerabilities include:

- Buffer overflow
- Logic error or logic bombs
- Race conditions
- Format string vulnerability
- Cross-site scripting
- Cross-site request forgery
- SQL and other command injection
- Memory leak
- Incomplete mediation
- Integer overflow, underflow, and sign conversion errors
- Insufficient data validation

The name of a vulnerability and the name of an attack that exploits it are often the same. For example, the attack that exploits the buffer overflow vulnerability is known as the buffer overflow attack. Similarly, a race-condition attack leverages a race condition vulnerability. Attackers can exploit, and have exploited, more than one vulnerability in the same attack to cause more damage than would be possible with a single vulnerability.

Two organizations focus on improving software security and thus track the various vulnerabilities on a continual basis. They are (1) Common Weakness Enumeration (CWE) by SANS/MITRE (https://cwe.mitre.org/index.html), and (2) The Open Web Application Security Project (OWASP) (see https://www.owasp.org/index.php/About_OWASP). I am attaching two documents here, CWE Top 25 and OWASP Top 10. Please note that the vulnerabilities, or the types of vulnerabilities, are not the same in these two lists. This is because OWASP focuses only on web applications. The two lists are also not exactly the same as the above bulleted list. They do, however, overlap.

In this exercise, you will investigate two vulnerabilities of your choice from these two lists or any other reputable source. For each of the two vulnerabilities you have chosen, you will explain the vulnerability, including where it occurs (e.g., C language, database, web browser, etc.), and an example attack that exploited it. You will also describe how the vulnerability can be minimized, prevented or mitigated. All of the description should be in your own words. You may use a code excerpt to illustrate the vulnerability or to remove the flaw that is the source of the vulnerability.