Product Security Glossary

Software Vulnerability

What is a Software Vulnerability? 

A software vulnerability is a defect in software that could allow an attacker to gain control of a system. These defects can arise from the way the software is designed or from a flaw in the way it is coded.

How Does a Software Vulnerability Work? 

An attacker first finds out whether a system has a software vulnerability by scanning it. The scan can tell the attacker what types of software are on the system, whether they are up to date, and whether any of the software packages are vulnerable. With that information, he or she will have a better idea of what types of attacks to launch against the system. A successful attack would result in the attacker being able to run malicious commands on the target system.

What Can an Attacker Do with a Software Vulnerability? 

An attacker can exploit a software vulnerability to steal or manipulate sensitive data, join a system to a botnet, install a backdoor, or plant other types of malware. Also, after compromising one network host, the attacker could use that host to break into other hosts on the same network.

What Can Cause a Software Vulnerability? 

There are two main things that can cause a software vulnerability.  A flaw in the program’s design, such as in the login function, could introduce a vulnerability.  But, even if the design is perfect, there could still be a vulnerability if there’s a mistake in the program source code. 

Coding errors could introduce several types of vulnerabilities, which include the following: 

Buffer overflows – These allow someone to put more data into an input field than the field is supposed to allow. An attacker can take advantage of this by placing malicious commands into the overflow portion of the data field, which would then execute.

SQL Injection – This could allow an attacker to inject malicious commands into the database of a web application. The attacker can do this by entering specially crafted Structured Query Language commands into either a data field of a web application form or the URL of the web application. If the attack is successful, the unauthorized and unauthenticated attacker would be able to retrieve or manipulate data from the database.

Third-party libraries – Many programmers use third-party code libraries, rather than try to write all software from scratch.  This can be a real time-saver, but it can also be dangerous if the library has any vulnerabilities.  Before using any of these libraries, developers need to verify that they don’t have vulnerabilities. 

Application Programming Interfaces – An API, which allows software programs to communicate with each other, could also introduce a software vulnerability.  Many APIs are not set up with strict security policies, which could allow an unauthenticated attacker to gain entry into a system. 

How Can We Deal with a Software Vulnerability? 

The best way to deal with a software vulnerability is to prevent it from happening in the first place.  Software developers need to learn secure coding practices, and automatic security testing must be built into the entire software development process.  

Makers are responsible for continually monitoring for publications of new vulnerabilities that affect software they sold. Once such a vulnerability is discovered, they must patch it as quickly as possible and send an update to the users.

End users have the responsibility of keeping their systems up to date, especially by installing security-related software patches.