Identifying & Fixing the Most
Common Software Vulnerabilities
Graduate Research Fair 2012
Alireza Aghamohammadi
Dr. Ali Eydgahi
3/26/12
• What are software vulnerabilities?
• Why are software vulnerabilities important?
• How can we prevent software vulnerabilities?
• Who creates software vulnerabilities?
1. Authentication Issues
- The user logs in and a cookie is set, but a third party sets the cookie instead and bypasses the login.
2. Credentials Management
Poor passwords, password aging that is too long, weak password recovery, etc.
3. Permissions, Privileges, and Access Control
Access control, ownership of users/passwords, etc.
4. Buffer Errors
    char array[15];
    for( int i = 0; i < 64; i++ )
        array[i] = (char)i;   /* writes 64 bytes into a 15-byte array */
5. Cross-Site Request Forgery (CSRF) –
While a session exists, the user is allowed to send requests to the server. The attacker's request is sent from the user's own web browser.
6. Cross-Site Scripting (XSS) –
The hacker's code is submitted to the website via a profile description. It is stored, and then every time a user logs in and visits the page, the hacker receives an email.
7. Cryptographic Issues –
Missing encryption of sensitive data – passwords and the DB.
8. Path Traversal –
The hacker tries to access files that are outside the root directory of the web server, e.g. /var/www or Tomcat 7.0\webapps\ROOT.
9. Code Injection
    $userTyped = $_GET["userInputInfo"];
    $handle = fopen($someFile, "a+");
    fwrite($handle, "$userTyped<hr>\n");   // untrusted input written verbatim
    fclose($handle);
Example of injected input (URL-encoded):
    %3C?php%20system(%22/bin/rm%20*%22);?%3E
10. Format String Vulnerability
    snprintf(buf, 128, argv[1]);   /* user input used as the format string */
    printf(lastname);
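As an added example (not code from the slides), the buffer-error loop from item 4 and the format-string calls from item 10 are shown in hardened form: the loop bound is derived from the array size, untrusted text is copied with an explicit limit, and user data is passed as an argument to a constant format. The function names fill_sequence, bounded_copy and format_lastname are assumed here.

```c
#include <stdio.h>
#include <string.h>

#define ARRAY_SIZE 15

/* Item 4 hardened: the slide's loop asks for 64 writes into a 15-byte array.
   Here the requested count is clamped to the array capacity, so no index
   past the last element is ever written. Returns the number of bytes set. */
size_t fill_sequence(char *array, size_t cap, size_t requested) {
    size_t n = requested < cap ? requested : cap;   /* clamp to capacity */
    for (size_t i = 0; i < n; i++)
        array[i] = (char)i;
    return n;
}

/* Bounded copy of untrusted text into a fixed buffer: at most cap-1 bytes
   are copied and the result is always NUL-terminated. Returns bytes copied. */
size_t bounded_copy(char *dst, size_t cap, const char *src) {
    if (cap == 0) return 0;
    size_t n = strlen(src);
    if (n > cap - 1) n = cap - 1;           /* truncate instead of overflowing */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

/* Item 10 hardened: the user-controlled string is an argument to a constant
   format, never the format itself (compare printf(lastname) and
   snprintf(buf, 128, argv[1]) on the slide). Returns snprintf's length. */
int format_lastname(char *out, size_t cap, const char *lastname) {
    return snprintf(out, cap, "Last name: %s", lastname);
}

int main(void) {
    char array[ARRAY_SIZE];
    char line[64];
    /* constructed inputs: an oversized request and a string that looks like a format */
    size_t written = fill_sequence(array, sizeof array, 64);
    format_lastname(line, sizeof line, "%x %x %n");
    printf("wrote %zu of 64 requested bytes\n", written);
    printf("%s\n", line);   /* the %x/%n sequences are printed literally */
    return 0;
}
```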
11. Configuration
Server misconfiguration, application misconfiguration.
12. Information Leak / Disclosure
13. Input Validation
    public static final double cost = 100.00;
    int orderedCount = (Integer) currentUser.getAttribute("countUserOrderNum");  // never validated
    double total = cost * orderedCount;
    chargeCreditCard(total);
14. Numeric Errors
    System.out.println("averages " + total / count);   // count may be zero
15. OS Command Injections
    $clientName = $_POST["client"];
    $command = 'ls -l /home/' . $clientName;
    system($command);   // ;rm -rf /
16. Race Conditions
Thread 1
Thread 2
17. Resource Management Errors
    try {
        Connection con = DriverManager.getConnection(some_connection_string);
    } catch (Exception e) {
        log(e);
    } finally {
        con.close();
    }
18. SQL Injection
Input box
19. Link Following
    ln -s text.txt somewherebad/bad_text.txt
20. Design Error
Architects' problems.
21. Undefined
References
National Institute of Standards and Technology. (2009). CWE - Common Weakness Enumeration. Retrieved November 26, 2009, from http://nvd.nist.gov/cwe.cfm
National Cyber Security Division of the U.S. Department of Homeland Security. (2011). CWE - Common Weakness Enumeration. Retrieved March 10, 2012, from http://cwe.mitre.org/index.html
Editor's Notes

  • #5 CSRF attacks can be launched by sending a formatted request to a victim, then tricking the victim into loading the request (often automatically), which makes it appear that the request came from the victim. CSRF is often associated with XSS, but it is a distinct issue.