If we develop software with security in mind right from the beginning, it will help us in addressing several software-related security concerns. In order to do that, all programmers need to understand the aspect of security and learn how to make code more secure in addition to being more efficient. They should be able to design code which is secure under all operating conditions. A carefully designed program or software automatically plugs most of the loopholes that can be exploited. The following are just some of the mistakes or attacks that occur owing to flaws in software designing and system architecture. Nevertheless, by carefully designing architecture, following appropriate development practices, using design patterns and introducing proper safety and security steps, such kind of exploits and attacks can be avoided.
- SQL injection: This is the type of attack where syntax of sql or data that is passed to the sql query is exploited.
- Dynamic Link Library (DLL) injection: The DLL whose code can be executed or can be used to abort a process is introduced in the process leading to creation of a remote thread or change in the behavior of the program
- Brute Force Prone Entry Points: It usually happens when there is no protection from malicious automatic execution programs trying different permutations and combinations to access data or information.
- Unobfuscated programs: In this type of attack, the program can easily be read and important information extracted.
- In-memory editing & Process Injection: In this case, the values of variables and processes are altered or introduced during execution of program.
- Buffer overflow: Under this type of exploitation, the program is forced to perform execution that it cannot efficiently control, leading to buffer over flow.
- Access level of class & Type Safety: While designing software architecture and using Object Oriented Language we should be very careful in providing access level to class. Special consideration should also be given for type safety.
- Cross-site scripting (XSS): During this type of exploitation, client side scripts are injected in web-based content that lets it bypass certain access controls, take command or pass on data to and from other sites.
The above-mentioned exploits are only a few instances. Besides, they are not applicable to all technologies, languages and platforms used. While a type of exploit might occur in case of a particular technology, another may not. However, these are some of the most common exploits and most of the programs are prone to them. Every system and software architect should watch out for them.
Written By: Sayed Mohammad Ahmad