Defects and vulnerabilities can cause software to be misused or exploited. Defects can cause an executable code to result in an error when activated. A vulnerability in software can allow a hacker to penetrate a system to gain access to that system. Either one could lead to exposed software or networks that could expose data to unauthorized access.
Memory Corruption is defined by The Economic Times as “the vulnerability that may occur in a computer system when its memory is altered without an explicit assignment”. This might be caused by program errors and might allow outside hackers to “execute an arbitrary code”, according to The Economic Times. This vulnerability can be stopped by “preventing stack, heap and integer overflows”, according to The Economic Times. Stack overflows come about when a program uses more memory than the stack size and could crash a program. Heap overflow can occur when we forget to free up memory after use. This can cause memory leakage. Integer overflows can occur when a program tries to fit a larger number than has been defined by a particular range.
This could lead to another vulnerability called a buffer overflow. A buffer overload occurs when the memory exceeds its assigned storage area. This can cause a program to write to other memory areas instead of the assigned buffer. According to Imperva, “it generally results from malformed inputs or failure to allocate enough space for the buffer.” This can cause the program to have memory errors or to crash altogether. To prevent this, programmers can write in security measures within their code to prevent this vulnerability.
Another vulnerability could be issues with control flow. Control flow has to do with the order in which instructions are executed in an application and how manage how fast data goes between two devices. Issues can occur by overwhelming other devices that maybe receiving the data being executed. Problems with the control flow could be caused by Denial of Services attacks trying to crash the system. With hardware and software becoming more sophisticated, control flow may be eliminated or replaced with other control systems.
Another vulnerability has to do with error handling issues. Error handling messages are built into let you know if a problem has been detected with the software or hardware and if it has been resolved. One of the issues that may occur is if these messages are accessed by a hacker and he is able to find out where there are other vulnerable issues going on within a system. According to Ferragamo, Wichers, Bird, and Kingthorin, 2021, “A specific policy for how to handle errors should be documented, including the types of errors to be handled and for each, what information is going to be reported back to the user, and what information is going to be logged.” This should help to ensure that all errors are accounted for and that everyone understands what to look for.
The last vulnerability has to do with insecure data handling. This is when someone gets access to data that they shouldn’t have access to. A company has to be monitor who has access to what data and the company should secure that data that is deemed sensitive in nature to the company. The company has to put policies in place to prevent data loss and it can also come up with strategies to keep sensitive data safe through designating areas that only people with secured access can get into.
References:
Ferragamo, J., Wichers, Bird,J., Kingthorin . 2021, November 4th.
Improper error handling. https://owasp.org/www-community/improper_error_handling.
Improper
Error Handling | OWASP
Imperva. 2021 November 4th. What is a buffer overflow? https://www.imperva.com/learn/application-security/buffer-overflow/.
Technopedia. 2021, November 4th. What is Error Handling? https://www.technopedia.com/definition/16626/error-handling
The Economic Times. 2021, November 4th. What is memory
corruption? https://www.economictimes.indiatimes.com/definition/memory/-corruption.
What is Memory Corruption? Definition of Memory
Corruption, Memory Corruption Meaning – The Economic Times (indiatimes.com)