Open Source and information security mailing list archives
Date: Tue, 01 Jun 2010 09:42:44 +1200
From: Nick FitzGerald <nick@...us-l.demon.co.uk>
To: full-disclosure@...ts.grok.org.uk
Cc: bugtraq@...urityfocus.com
Subject: Re: What are the basic vulnerabilities of a software?

rajendra prasad wrote:

> Hi List,
> I am preparing a list of main and basic vulnerabilities in software. Please
> let me know if you know other than the below list.

Why yes, I do...

> List of Basic Vulnerabilities:
> 1. Buffer Overflow: Stack, Heap.
> 2. Format String Vulnerabilities
> 3. SQL Injections
> 4. XSS Vulnerabilities

Cheating on a homework assignment?

Arguably only one of the above is a basic vulnerability (and even that 
is probably debatable) -- the other three are just examples of one or 
other basic types (and two of them are probably examples of the same 
basic type).  Try to get hold of the RISOS Project report(s) or sources 
that summarize that work.  Any good, basic CompSec textbook should 
cover this stuff, BUT there is more than one widely referenced 
comprehensive categorization of basic security errors, so you should 
probably check around a bit...



Regards,

Nick FitzGerald

