In this exercise, you will investigate two vulnerabilities of your choice from these two lists or any other reputable source. For each of the two vulnerabilities you have chosen, you will explain the vulnerability including where it occurs (e.g., C language, database, web browser, etc.), and an example attack that exploited it. You will also describe how the vulnerability can be minimized, prevented or mitigated. All the description should be in your own words. You may use code excerpt to illustrate the vulnerability or remove the flaw that is the source of the vulnerability.

 

Your report should not be more than two pages for each vulnerability. You need to consult at least two references for each vulnerability. APA Format.

 

Common software code vulnerabilities include:

• Buffer overflow
• Logic error or logic bombs
• Race conditions
• Format string vulnerability
• Cross-site scripting
• Cross-site request forgery
• SQL and other command injection 
• Memory leak
• Incomplete mediation
• Integer overflow, underflow, and sign conversion errors
• Insufficient data validation

The name of vulnerability and the name of an attack that exploits it are often called by the same name. For example, the attack that exploits the buffer overflow vulnerability is known as the buffer overflow attack. Similarly, a race-condition attack leverages a race condition vulnerability. An attacker can and have exploited more than one vulnerability in the same attack to cause more damage than would be possible with a single vulnerability.