Article

Overcoming programming flaws: indexing of common software vulnerabilities

Author:
Kaloian Petkov

Lake Forest College, Lake Forest, IL

Lake Forest College, Lake Forest, IL
View Profile

InfoSecCD '05: Proceedings of the 2nd annual conference on Information security curriculum developmentSeptember 2005Pages 127–134https://doi.org/10.1145/1107622.1107652

Published:23 September 2005Publication History

InfoSecCD '05: Proceedings of the 2nd annual conference on Information security curriculum development

Pages 127–134

ABSTRACT

The goal of this research project was to identify categories of programming flaws that lead to software bugs and index existing vulnerability reports against those categories. A keyword-based search placed 70% of the records from the OSVDB and CVE databases into 15 vulnerability categories. The results identified malformed data, buffer overflow and cross-site scripting as the top three issues. The project laid the foundations for future research into ways of mitigating programming flaws.

References

Greenemeier, Larry. Homeland Security Needs Public-Private Cooperation. Information Week April 19, 2004. Accessed May 10, 2005 from http://www.informationweek.com/story/show/Article.jhtml?articleID=18902167.Google Scholar
Common Vulnerabilities and Exposures Database. Accessed May 11, 2005 from http://www.eve.mitre.orgGoogle Scholar
Open Source Vulnerability Database. Accessed May 23, 2005 from http://www.osvdb.org.Google Scholar
Viega, J. and McGraw, G. Building Secure Software. Addison-Wesley, 2002.Google Scholar

Index Terms

Overcoming programming flaws: indexing of common software vulnerabilities
1. Software and its engineering

Recommendations

Pinpointing Vulnerabilities
ASIA CCS '17: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security

Memory-based vulnerabilities are a major source of attack vectors. They allow attackers to gain unauthorized access to computers and their data. Previous research has made significant progress in detecting attacks. However, developers still need to ...
Read More
Securing web applications from injection and logic vulnerabilities

Context: Web applications are trusted by billions of users for performing day-to-day activities. Accessibility, availability and omnipresence of web applications have made them a prime target for attackers. A simple implementation flaw in the ...
Read More
Randomized Instruction Sets and Runtime Environments Past Research and Future Directions

The author describes past research and future directions on instruction set randomization (ISR), a general technique for protecting against code-injection attacks. Such attacks are commonly encountered in a variety of application domains, remotely ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
InfoSecCD '05: Proceedings of the 2nd annual conference on Information security curriculum development
September 2005
147 pages
ISBN:1595932615
DOI:10.1145/1107622
Conference Chair:
Michael E. Whitman
Copyright © 2005 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 23 September 2005
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
CVE
OSVDB
buffer overflow
code injection
cross-site scripting
default configuration
dot-dot attack
format string vulnerability
integer errors
malformed data
memory leak
programming flaws
race condition
software vulnerabilities
spoofing
statistics
storage protection
symlink attacks
trusting the environment
weak encryption
Qualifiers
- Article
Conference

Acceptance Rates
Overall Acceptance Rate18of23submissions,78%
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 2
  Total Citations
  View Citations
- 736
  Total Downloads
- Downloads (Last 12 months)3
- Downloads (Last 6 weeks)0
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Overcoming programming flaws: indexing of common software vulnerabilities

InfoSecCD '05: Proceedings of the 2nd annual conference on Information security curriculum development

ABSTRACT

References

Cited By

Index Terms

Recommendations

Pinpointing Vulnerabilities

Securing web applications from injection and logic vulnerabilities

Randomized Instruction Sets and Runtime Environments Past Research and Future Directions