1. ISB
Presentation
BY – ANIKET RANJAN
PRABHAT KUMAR SHRUTIVANI
ASHISH KUMAR
ATUL KR RAY
SHIVANGI SHAW
SUBMITTED TO –
DEEPSHIKHA RAI
SOFTWARE VULNERABILITY
2. What is a Software
Vulnerability?
A software vulnerability is a defect in software that could
allow an attacker to gain control of a system. These defects
can be because of the way the software is designed, or
because of a flaw in the way that it’s coded.
3. How Does a Software
Vulnerability Work?
╸ An attacker first finds out whether a system has a software
vulnerability by scanning it. The scan can tell the
attacker what types of software are on the system,
whether they are up to date, and whether any of the software
packages are vulnerable. Once the attacker knows
that, he or she will have a better idea of what
types of attacks to launch against the system. A
successful attack would result in the attacker being
able to run malicious commands on the target
system.
4. What Can an Attacker Do with a
Software Vulnerability?
╸ An attacker can exploit a software vulnerability to
steal or manipulate sensitive data, join a system to
a botnet, install a backdoor, or plant other types of
malware. Also, after penetrating one network
host, the attacker could use that host to break into
other hosts on the same network.
5. What Can Cause a Software
Vulnerability?
╸ There are two main things that can cause a software
vulnerability.
╸ Coding errors could introduce several types of vulnerabilities,
which include the following:
╸ Buffer overflows – These allow someone to put more data into an
input field than the field is supposed to allow.
╸ SQL Injection – This could allow an attacker to inject malicious
commands into the database of a web application. The attacker can do
this by entering specially-crafted Structured Query Language
commands into either a data field of a web application form, or into the
URL of the web application.
6. What Can Cause a Software
Vulnerability?
╸ Third-party libraries – Many programmers use third-party
code libraries, rather than try to write all software from
scratch. This can be a real time-saver, but it can also be
dangerous if the library has any vulnerabilities. Before using
any of these libraries, developers need to verify that they
don’t have vulnerabilities.
7. How Can We Deal with a Software
Vulnerability?
╸ The best way to deal with a software vulnerability is to prevent it from
happening in the first place. Software developers need to learn secure
coding practices, and automatic security testing must be built into the
entire software development process.
╸ Makers are responsible for continually monitoring publications of new
vulnerabilities that affect software they have sold. Once such a vulnerability
is discovered, they must patch it as quickly as possible and send an
update to the users.
╸ End users have the responsibility of keeping their systems up to date,
especially by installing security-related software patches.