Advanced Software Security - Software Vulnerabilities
Introduction to Software Vulnerabilities
- Understanding software vulnerabilities is crucial for improving software security.
- Key areas of focus include classification of security flaws and specific types of software vulnerabilities.
Key Concepts and Learning Outcomes
- At the end of the session, you should understand:
- Classification of Security Flaws
- Software Vulnerabilities
Classification of Security Flaws
- I/O Validation: Ensures that all input to the software is validated before use, so that malformed or malicious data is rejected.
- Session Management: Controls user sessions to prevent unauthorized access.
- Authentication: Verifies user identities securely.
- Password Management: Stores and verifies user passwords securely.
- Authorization & ACL (Access Control List): Determines user access rights.
- File Upload & Download: Safeguards against malicious file transfers.
- Exception Management: Manages errors without exposing sensitive information.
- Encryption: Protects data using secure cryptographic methods.
- Configuration Management: Keeps the software and its environment securely configured.
- Audit & Logging: Tracks system activity for security assessments.
List of Software Vulnerabilities
I/O Validation Vulnerabilities:
- SQL Injection: Inadequate sanitization of user input leads to unwanted SQL command execution.
- XSS (Cross-Site Scripting): User input is not properly sanitized before displaying on a webpage.
- OS Command Injection: Unsanitized input is embedded in operating-system commands, changing what is executed.
- LDAP Injection: Unsanitized input in LDAP queries alters query structure.
- URL Redirection: User input used for redirecting to untrusted sites.
Authentication Vulnerabilities:
- Missing Function Level Access Control: Access restrictions are not enforced on high-privilege functions.
- Improper Restriction of Excessive Authentication Attempts: Susceptible to brute-force attacks due to insufficient limits.
Password Management Vulnerabilities:
- Use of Hard-coded Password: Sensitive credentials are hard-coded within the software.
- Weak Password Requirements: Minimal password complexity leads to easy account compromise.
Authorization & ACL Vulnerabilities:
- Improper Authorization: Fails to verify user permissions adequately.
- Incorrect Permission Assignment: Security-critical resources are not properly restricted.
- Download of Code Without Integrity Check: Executing unverified remote code.
File Upload & Download Vulnerabilities:
- Unrestricted Upload of File: Files of dangerous types that can compromise security are accepted for upload.
- Path Traversal: Malicious inputs can bypass directory restrictions leading to unauthorized file access.
Vulnerability Overviews
SQL Injection Overview:
- Untrusted input changes the structure of SQL statements because it is neither validated nor kept separate from the query text.
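As an added illustration (not part of the original lecture notes), the two lookup functions below contrast string concatenation with a parameterized query against a constructed in-memory SQLite table; the crafted input is a constructed sample showing how unseparated input alters the statement's structure, and the hardened version treats the same input purely as data.

```python
import sqlite3

# Constructed sample database for the demonstration (not from the notes).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    conn.commit()
    return conn

def lookup_vulnerable(conn, username):
    # Flawed pattern: the input is concatenated into the SQL text, so a quote
    # in the input ends the literal and the rest becomes part of the query.
    query = "SELECT username FROM users WHERE username = '" + username + "'"
    return sorted(row[0] for row in conn.execute(query))

def lookup_parameterized(conn, username):
    # Hardened pattern: the value is bound as a parameter; the database never
    # parses it as SQL, so the statement's structure cannot change.
    query = "SELECT username FROM users WHERE username = ?"
    return sorted(row[0] for row in conn.execute(query, (username,)))

def demo():
    conn = make_db()
    normal = "alice"
    # Constructed input that closes the string literal and appends a clause.
    crafted = "x' OR '1'='1"
    return {
        "vulnerable_normal": lookup_vulnerable(conn, normal),
        "vulnerable_crafted": lookup_vulnerable(conn, crafted),
        "param_normal": lookup_parameterized(conn, normal),
        "param_crafted": lookup_parameterized(conn, crafted),
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

The concatenated version returns every row for the crafted input, while the parameterized version returns nothing, which is why binding parameters (not just filtering input) is the primary defence.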
XSS Overview:
- Outputs unvalidated user inputs as web content, allowing for malicious script execution.
OS Command Injection Overview:
- Similar to SQL injection, but the unsanitized input reaches operating-system commands instead of database queries.
URL Redirection Overview:
- Redirecting users based on untrusted input enables phishing attacks.
LDAP Injection Overview:
- Injection can lead to unauthorized access or modification of LDAP entries.
CSRF (Cross-Site Request Forgery) Overview:
- Attackers trick users into executing actions without their knowledge on authenticated sites.
- Attacker creates a fake form that submits a request on behalf of the user.
Memory and Buffer Vulnerabilities
Memory Buffer Overflow:
- Accessing memory outside a buffer's bounds leads to undefined behavior and potential exploitation.
Integer Overflow:
- A calculation whose result exceeds the range of the integer type wraps around, leading to unwanted application behavior.
Uncontrolled Format String:
- Passing externally supplied data as a format string causes unexpected operations if it is not handled properly.
Security Recommendations
- Properly validate all user inputs to prevent injections.
- Implement strong authentication mechanisms and password policies.
- Regularly review and test access controls.
- Ensure sensitive information is encrypted and never hard-coded in software.
- Maintain rigorous error management and logging practices to observe and respond to issues quickly.