Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors

Authors

  • Katrina Tsipenyuk
  • Brian Chess
  • Gary McGraw
Abstract

We want to help developers and security practitioners understand common types of coding errors that lead to vulnerabilities. By organizing these errors into a simple taxonomy, we can teach developers to recognize categories of problems that lead to vulnerabilities and identify existing errors as they build software. The information contained in our taxonomy is most effectively enforced via a tool. In fact, all of the errors included in our taxonomy are amenable to automatic identification using static source code analysis techniques. We demonstrate why our taxonomy is not only simpler, but also more comprehensive than other modern taxonomy proposals and vulnerability lists. We provide an in-depth explanation and one or more code-level examples for each of the errors on a companion web site: http://vulncat.fortifysoftware.com.
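The abstract's central technical claim, that every error class in the taxonomy can be found by static source-code analysis, is easier to judge with a concrete checker in hand. What follows is an added example, not code from the paper, from its companion site, or from the Fortify tool the authors refer to: a deliberately small intra-procedural taint checker built on Python's standard `ast` module. It flags two patterns, untrusted input reaching a shell or code-evaluation sink and a string literal assigned to a password-like variable. The kingdom names attached to them ("Input Validation and Representation", "Security Features") follow the published paper's taxonomy; the rule sets, the identifiers `scan`, `Finding`, `TAINT_SOURCES`, `DANGEROUS_SINKS`, `SECRET_NAMES`, and the `SAMPLE` program are assumptions constructed for this illustration.

```python
# Added example: a toy static checker for two error classes from the
# Seven Pernicious Kingdoms taxonomy. Not the paper's or Fortify's code.
import ast
from dataclasses import dataclass

# Rule tables are assumptions chosen for the demo, not the paper's lists.
TAINT_SOURCES = {"input", "raw_input"}
DANGEROUS_SINKS = {"eval", "exec", "os.system", "os.popen",
                   "subprocess.call", "subprocess.run"}
SECRET_NAMES = ("password", "passwd", "secret", "api_key")


@dataclass
class Finding:
    kingdom: str   # top-level category from the taxonomy
    phylum: str    # the specific error within that kingdom
    line: int
    detail: str


def _dotted_name(node):
    """Return 'os.system' for an Attribute chain, 'eval' for a Name, else None."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted_name(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


class Checker(ast.NodeVisitor):
    def __init__(self):
        self.tainted = set()   # variable names currently holding untrusted data
        self.findings = []

    def _is_tainted(self, node):
        # Direct source call, a tainted variable, or string building that
        # embeds one (concatenation, f-string, str.format) all count as tainted.
        if isinstance(node, ast.Call) and _dotted_name(node.func) in TAINT_SOURCES:
            return True
        if isinstance(node, ast.Name):
            return node.id in self.tainted
        if isinstance(node, ast.BinOp):
            return self._is_tainted(node.left) or self._is_tainted(node.right)
        if isinstance(node, ast.JoinedStr):
            return any(self._is_tainted(v.value) for v in node.values
                       if isinstance(v, ast.FormattedValue))
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr == "format"):
            return any(self._is_tainted(a) for a in node.args)
        # Limitation: any other call (e.g. int(...)) is treated as sanitising,
        # so this checker under-reports; a real tool models sanitisers explicitly.
        return False

    def visit_Assign(self, node):
        for target in node.targets:
            if not isinstance(target, ast.Name):
                continue
            if self._is_tainted(node.value):
                self.tainted.add(target.id)
            else:
                self.tainted.discard(target.id)   # overwritten with clean data
            if (any(s in target.id.lower() for s in SECRET_NAMES)
                    and isinstance(node.value, ast.Constant)
                    and isinstance(node.value.value, str)):
                self.findings.append(Finding(
                    "Security Features", "Hard-coded password", node.lineno,
                    f"{target.id} is assigned a string literal"))
        self.generic_visit(node)

    def visit_Call(self, node):
        name = _dotted_name(node.func)
        if name in DANGEROUS_SINKS and any(self._is_tainted(a) for a in node.args):
            self.findings.append(Finding(
                "Input Validation and Representation", "Command/code injection",
                node.lineno, f"untrusted data reaches {name}()"))
        self.generic_visit(node)


def scan(source: str):
    """Parse a Python module and return its findings in source order."""
    checker = Checker()
    checker.visit(ast.parse(source))
    return checker.findings


# Constructed sample program (line numbers start after the leading newline).
SAMPLE = '''
import os
ADMIN_PASSWORD = "hunter2"          # line 3: hard-coded secret
filename = input("file: ")          # line 4: taint source
os.system("cat " + filename)        # line 5: untrusted data reaches the shell
safe = "fixed.txt"
os.system("cat " + safe)            # line 7: clean, no finding
count = int(input("n: "))           # line 8: cast treated as sanitiser
cmd = f"wc -l {filename}"           # line 9: f-string propagates taint
os.popen(cmd)                       # line 10: finding
'''

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"line {f.line}: [{f.kingdom}] {f.phylum}: {f.detail}")
```

The point of the example is the structure, not the rule tables: each kingdom in the taxonomy corresponds to a class of syntactic or data-flow pattern that a visitor over the program's AST can match, which is what makes the taxonomy "enforceable via a tool" as the abstract puts it. The taint propagation here is flow-insensitive within a module and has no notion of sanitisers, which is exactly where a production analyser spends most of its effort.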


Related resources

A Proposed Taxonomy of Software Weapons

The terms and classification schemes used in the computer security field today are not standardised. Thus the field is hard to take in, there is a risk of misunderstandings, and there is a risk that scientific work is being hampered. Therefore this report presents a proposal for a taxonomy of software-based IT weapons. After an account of the theories governing the formation of a taxonomy, ...


Evaluating security tools towards usable security

The main success of the internet is its openness. To guarantee security on the internet, for example to protect the user's privacy or the security of online transactions, the use of security tools is essential. Because today's internet users cover almost all educational levels and professional groups, we assume that they will be mostly security novices. Unfortunately, the usage of today's securit...


Error Taxonomy of TOEFL iBT Writing: An Iranian Perspective

TOEFL iBT has recently turned heads to the impact language tests can have on language learning. Since error analysis-based instruction has gained a new life with the advent of computer analysis of the learner's language, the researchers of this study embarked on examining a sample of integrated and independent writing tasks of 45 Iranian TOEFL iBT candidates in order to identify and classi...


Barriers to error reporting and strategies for reducing them from the perspective of nurses in Social Security hospitals of Kerman province

Abstract Background & Aims: Errors are unavoidable in clinical practice, but they can be minimized in frequency and intensity. Reporting errors is very important and effectively prevents future errors that may cause patients harm. This study was conducted to identify barriers to error reporting by nurses and preventive strategies in Social Security hospitals in Kerman, Iran. Materi...


A Security Design Pattern Taxonomy based on Attack Patterns - Findings of a Systematic Literature Review

Security design patterns are proven solutions to security problems in a given context with constructive measures of how to design certain parts of a software system. The literature contains numerous definitions, examples, and taxonomies of such patterns. There are also a few quality criteria for them. We suggest a new taxonomy based on attack patterns in order to enhance applicability of securi...



Journal:
  • IEEE Security & Privacy

Volume 3  Issue 

Pages  -

Publication date 2005