Buffer Overruns
● Too much data sent to buffer causes overflow.
● Can execute instructions or cause denial-of-service (DoS).
● Leads to data integrity loss.
Command Injection
User input passed directly to compiler/interpreter without validation.
Cross-site Scripting (XSS)
Attacker injects scripts into user sessions via web server.
Steals credentials and sensitive data.
Failure to Handle Errors
System encounters unhandled conditions causing crashes or unexpected behavior.
Failure to Protect Network Traffic
Packet sniffers can intercept data on networks using hubs.
Failure to Store and Protect Data Securely
Weak or missing access controls expose data.
Failure to Use Strong Random Numbers
Weak pseudo-random numbers can be predicted.
Format String Problems
Untrusted input used as format string allows memory access or overwrite.
Neglecting Change Control
Unauthorized or untested changes affect system integrity.
Improper File Access
File paths manipulated to access or replace wrong files.
Improper Use of SSL (Secure Sockets Layer)
Incorrect secure communication implementation causes exposure.
Information Leakage
Employees unintentionally or intentionally expose classified data.
Integer Bugs (Overflows/Underflows)
Memory corruption due to incorrect integer handling.
Race Conditions
Unexpected timing order causes system conflicts (e.g., file replacement).
SQL Injection
● Improper input validation allows database manipulation.
Weak Password-Based Systems
Weak password policies lead to easy compromise.
Poor Usability
Users choose insecure “easy” methods unless secure design is usable.