An Analysis of Software Security Attacks and Mitigation Controls

The security vulnerabilities hidden in software programs pose a major threat, on the computers and networks, when appropriately exploited by a malicious user. The vulnerabilities arise primarily due to the coding errors and/or flaws in the underlying platform. The book researches on the well-known coding and platform vulnerabilities related to the security of software programs and the attacks they lead to. Specifically, the following software security attacks are analyzed in detail: SQL injection attacks, Cross-site scripting (XSS) attacks, Cross-site request forgery (XSRF) attacks, and the Time-of-check-to-time-of-use (TOCTTOU) attacks. The book examines the vulnerabilities that lead to each of these attacks, illustrates real-time examples of implementing these attacks with step-by-step instructions, as well as explores the use of appropriate security controls to completely avoid or at least mitigate the attacks. In addition to analyzing the above attacks in detail, the book presents a high-level overview of the following software security attacks: Linearization attacks, Arithmetic overflow attacks, Buffer overflow attacks, Stack smashing buffer overflow and Format string attacks.