Security bug

A security bug or security defect is a software bug that can be exploited to gain unauthorized access or privileges on a computer system. Security bugs introduce security vulnerabilities by compromising one or more of:

• Authentication of users and other entities^[1]
• Authorization of access rights and privileges^[1]
• Data confidentiality
• Data integrity

Security bugs do not need be identified nor exploited to be qualified as such and are assumed to be much more common than known vulnerabilities in almost any system.

Causes

Main page: Vulnerability (computing)

Security bugs, like all other software bugs, stem from root causes that can generally be traced to either absent or inadequate:^[2]

• Software developer training
• Use case analysis
• Software engineering methodology
• Quality assurance testing
• and other best practices

Taxonomy

Security bugs generally fall into a fairly small number of broad categories that include:^[3]

• Memory safety (e.g. buffer overflow and dangling pointer bugs)
• Race condition
• Secure input and output handling
• Faulty use of an API
• Improper use case handling
• Improper exception handling
• Resource leaks, often but not always due to improper exception handling
• Preprocessing input strings before they are checked for being acceptable

Mitigation

See software security assurance.

See also

• Computer security
• The Art of Exploitation
• IT risk
• Threat (computer)
• Vulnerability (computing)
• Hardware bug
• Secure coding

References

Further reading

• Open Web Application Security Project (21 August 2015). "2013 Top 10 List". https://www.owasp.org/index.php/Top_10_2013-Top_10. 
• "CWE/SANS TOP 25 Most Dangerous Software Errors". SANS. http://cwe.mitre.org/top25/index.html#CWE-862. Retrieved 13 July 2012. 

This article is part of a series on
Information security
Related security categories
Internet security Automotive security Cyberwarfare Computer security Mobile security Network security
Threats
Advanced persistent threat Computer crime Vulnerabilities Eavesdropping Malware Spyware Ransomware Trojans Viruses Worms Rootkits Bootkits Keyloggers Screen scrapers Exploits Backdoors Logic bombs Payloads Denial of service Web shells Web application security Phishing
Defenses
Computer access control Application security Antivirus software Secure coding Secure by default Secure by design Secure operating systems Authentication Multi-factor authentication Authorization Data-centric security Encryption Firewall Intrusion detection system Mobile secure gateway Runtime application self-protection (RASP)
v t e

0.00 (0 votes) Original source: https://en.wikipedia.org/wiki/Security bug. Read more