ABSTRACT
The goal of this research project was to identify categories of programming flaws that lead to software bugs and index existing vulnerability reports against those categories. A keyword-based search placed 70% of the records from the OSVDB and CVE databases into 15 vulnerability categories. The results identified malformed data, buffer overflow and cross-site scripting as the top three issues. The project laid the foundations for future research into ways of mitigating programming flaws.
- Greenemeier, Larry. Homeland Security Needs Public-Private Cooperation. Information Week April 19, 2004. Accessed May 10, 2005 from http://www.informationweek.com/story/show/Article.jhtml?articleID=18902167.Google Scholar
- Common Vulnerabilities and Exposures Database. Accessed May 11, 2005 from http://www.eve.mitre.orgGoogle Scholar
- Open Source Vulnerability Database. Accessed May 23, 2005 from http://www.osvdb.org.Google Scholar
- Viega, J. and McGraw, G. Building Secure Software. Addison-Wesley, 2002.Google Scholar
Index Terms
- Overcoming programming flaws: indexing of common software vulnerabilities
Recommendations
Pinpointing Vulnerabilities
ASIA CCS '17: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications SecurityMemory-based vulnerabilities are a major source of attack vectors. They allow attackers to gain unauthorized access to computers and their data. Previous research has made significant progress in detecting attacks. However, developers still need to ...
Securing web applications from injection and logic vulnerabilities
Context: Web applications are trusted by billions of users for performing day-to-day activities. Accessibility, availability and omnipresence of web applications have made them a prime target for attackers. A simple implementation flaw in the ...
Randomized Instruction Sets and Runtime Environments Past Research and Future Directions
The author describes past research and future directions on instruction set randomization (ISR), a general technique for protecting against code-injection attacks. Such attacks are commonly encountered in a variety of application domains, remotely ...
Comments