Lecture 3 - Program Security


Program Security Lecture 3 Week 3
Topics
- Vulnerabilities
- Secure Program
- Malicious Code
- Top 10 Web application vulnerabilities
- Safeguard to Program threat
- Pillar to Software Security
Secure Programs
- Different people have different perspectives on software quality.
- Tracking faults (from developers):
  - Requirements
  - Design
  - Code inspections
- Note: fixing might cause more faults.
- Failures are the effects of faults.
- Vulnerabilities and flaws do not map to faults and failures.
- "Bugs" means different things, depending on context.
- IEEE says a "fault" is the inside view, from the developer.
- A failure is the outside view, from the user.
Secure Programs
Types of Flaws:
- validation error
- domain error
- serialization and aliasing
- inadequate identification and authentication
- boundary condition violation
- other exploitable logic errors