Message-id: <4C042D54.30141.5334DE13@nick.virus-l.demon.co.uk>
Date: Tue, 01 Jun 2010 09:42:44 +1200
From: Nick FitzGerald <nick@...us-l.demon.co.uk>
To: full-disclosure@...ts.grok.org.uk
Cc: bugtraq@...urityfocus.com
Subject: Re: What are the basic vulnerabilities of a software?

rajendra prasad wrote:
> Hi List,
> I am preparing a list of main and basic vulnerabilities in software. Please
> let me know if you know other than the below list.

Why yes, I do...

> List of Basic Vulnerabilities:
> 1. Buffer Overflow: Stack, Heap.
> 2. Format String Vulnerabilities
> 3. SQL Injections
> 4. XSS Vulnerabilities

Cheating on a homework assignment?

Arguably only one of the above is a basic vulnerability (and even that
is probably debatable) -- the other three are just examples of one or
other basic types (and two of them are probably examples of the same
basic type). Try to get hold of the RISOS Project report(s) or sources
that summarize that work. Any good, basic CompSec textbook should
cover this stuff, BUT there is more than one widely referenced
comprehensive categorization of basic security errors, so you should
probably check around a bit...

Regards,
Nick FitzGerald