Abstract
More and more software is deployed in an environment with wide area network connectivity, in particular with connectivity to the Internet. Software developers are not always aware of the security implications of this connectivity, and hence the software they produce contains a large number of vulnerabilities exploitable by attackers.
Statistics show that a limited number of types of vulnerabilities account for the majority of successful attacks on the Internet. Hence, we believe that it is very useful for a software developer to have a deep understanding of these kinds of vulnerabilities, in order to avoid them in new software. In this paper, we present a survey and classification of the most commonly exploited software vulnerabilities.
Copyright information
© 2002 Springer Science+Business Media New York
Cite this chapter
Piessens, F., De Decker, B., De Win, B. (2002). Developing Secure Software. In: Gertz, M., Guldentops, E., Strous, L. (eds) Integrity, Internal Control and Security in Information Systems. IICIS 2001. IFIP — The International Federation for Information Processing, vol 83. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35583-2_2
DOI: https://doi.org/10.1007/978-0-387-35583-2_2
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-5537-4
Online ISBN: 978-0-387-35583-2