A security bug or security defect is a software bug that can be exploited to gain unauthorized access or privileges on a computer system. Security bugs introduce security vulnerabilities by compromising one or more of:

Authentication of users and other entities
Authorization of access rights and privileges
Data confidentiality
Data integrity

Security bugs do not need to be identified or exploited to be qualified as such, and they are assumed to be much more common than known vulnerabilities in almost any system.

Causes

Main article: Vulnerability (computing)

Security bugs, like all other software bugs, stem from root causes that can generally be traced to either absent or inadequate:

Software developer training
Use case analysis
Software engineering methodology
Quality assurance testing
and other best practices

Taxonomy

Security bugs generally fall into a fairly small number of broad categories that include:

Memory safety (e.g. buffer overflow and dangling pointer bugs)
Race condition
Secure input and output handling
Faulty use of an API
Improper use case handling
Improper exception handling
Resource leaks, often but not always due to improper exception handling
Preprocessing input strings before they are checked for being acceptable

Mitigation

See software security assurance.

See also

Computer security
Hacking: The Art of Exploitation
IT risk
Threat (computer)
Vulnerability (computing)
Hardware bug
Secure coding

References

"CWE/SANS TOP 25 Most Dangerous Software Errors". SANS. Retrieved 13 July 2012.
"Software Quality and Software Security". 2008-11-02. Retrieved 2017-04-28.
Alhazmi, Omar H.; Woo, Sung-Whan; Malaiya, Yashwant K. (Jan 2006). "Security vulnerability categories in major software systems". Proceedings of the Third IASTED International Conference on Communication, Network, and Information Security.

Further reading

Open Web Application Security Project (21 August 2015). "2013 Top 10 List".
"CWE/SANS TOP 25 Most Dangerous Software Errors". SANS. Retrieved 13 July 2012.