Software Security Errors

最新推荐文章于 2023-05-02 22:21:01 发布
最新推荐文章于 2023-05-02 22:21:01 发布
阅读量103 收藏
点赞数
分类专栏: pc stuff 文章标签: Security Scheme
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/linlin9111/article/details/83468922
版权

This site presents a taxonomy of software security errors developed by the Fortify Software Security Research Group together with Dr. Gary McGraw. Each vulnerability category is accompanied by a detailed description of the issue with references to original sources, and code excerpts, where applicable, to better illustrate the problem.

The organization of the classification scheme is described with the help of terminology borrowed from Biology: vulnerability categories are referred to as phyla, while collections of vulnerability categories that share the same theme are referred to as kingdoms. Vulnerability phyla are classified into "seven plus one" pernicious kingdoms presented in the order of importance to software security:

  1. Input Validation and Representation
  2. API Abuse
  3. Security Features
  4. Time and State
  5. Errors
  6. Code Quality
  7. Encapsulation
  8. *. Environment

The first seven kingdoms are associated with security defects in source code, while the last one describes security issues outside the actual code. To browse the kingdom and phylum descriptions, simply navigate the taxonomy tree on the left.

The primary goal of defining this taxonomy is to organize sets of security rules that can be used to help software developers understand the kinds of errors that have an impact on security. By better understanding how systems fail, developers will better analyze the systems they create, more readily identify and address security problems when they see them, and generally avoid repeating the same mistakes in the future.

When put to work in an analysis tool, a set of security rules organized according to this taxonomy is a powerful teaching mechanism. Because developers today are by and large unaware of the myriad ways they can introduce security problems into their work, making a taxonomy like this available should provide tangible benefits to the software security community.

Defining a better classification scheme can also lead to better tools: a better understanding of the problems will help researchers and practitioners create better methods for ferreting them out.

To read more about the taxonomy, please see Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors.

linlin9111
关注
专栏目录
SpringBoot系列教程:集成MyBatis,SpringSecurity
AI天才研究院
07-30 1129
Spring Boot是一种新的开源Java开发框架,它极大地简化了基于Java的应用配置,自动装配,消息处理等流程,并提供了运行时的健康检查、外部化配置等功能,因此在实际项目开发中扮演着越来越重要的角色。本系列教程将详细介绍如何利用Spring Boot框架,整合Mybatis和Spring Security,实现对数据库的增删改查及安全管理。Spring Boot介绍MyBatis介绍Spring Security介绍如何整合Mybatis和Spring Security
Soft Skills: The software developer‘s life manual
最新发布
AI天才研究院
08-03 1136
作者:禅与计算机程序设计艺术Software development is a complex and constantly evolving field that requires attention to detail in several areas such as problem-solving skills, analytical thinking, communication skills, teamwork, leadership, and technical expertise. These
Software Security Testing软件安全测试
巅峰测试
08-01 2433
Security testing has recently moved beyond the realm of network port scanning to include probing software behavior as a critical aspect of system behavior (see the sidebar). Unfortunately, testing s
There were errors checking the update sites: SocketException: java.security.NoSuchAlgorithmException
qq_27577263的博客
07-21 868
插件管理页面提示TherewereerrorscheckingtheupdatesitesIOExceptionUnabletotunnelthroughproxy.Proxyreturins“HTTP/1.1400”默认是https//updates.jenkins.io/update-center.json。将https改为http,修改完成,submit,然后重启Jenkins。进入插件管理->Advanced,修改UpdateSite的URL,...
Software Engineering at Google翻译-III-11-Testing overview(测试概述)
戴戴的博客
03-16 2109
Software Engineering at Google翻译 第三篇 第11章 测试概述(Testing overview)
19 Deadly Sins of Software Security (Security One-off)
weixin_33726318的博客
04-01 91
“Ninety-five percent of software bugs are caused by the same 19 programming flaws.” —Amit Yoran, Former Director of The Department of Homeland Security’s National Cyber Security DivisionSec...
CCIE Security
stqer的博客
03-18 2327
前言:CCIE Security在网络安全领域,可以简单理解为硬件层面的安全防护,以防御为核心,组建网络安全的基石。 知识 防火墙 定义 防火墙是一个隔离两个或多个网络区域,并且基于策略限制区域间流量的设备 分类 A.Stateless Packet filtering(无状态包过滤) 特性: 1.依赖于静态的策略来允许和拒绝数据包 2.对静态的TCP应用和仅仅对三层流量的过滤,工作是非常出色的。 3.透明并且高性能 4.一般使用限制的访问控制技术 限制: 1.不能支持动态运用 2.需要实施的专业知识 3.
CPT203-Software Engineering(1)
大家好~我是SP_FA~
09-12 2664
XJTLU CPT203 课程笔记
Spring Security and Angular
大强博客
07-06 2467
Spring Security and AngularA Secure Single Page ApplicationIn this tutorial we show some nice features of Spring Security, Spring Boot and Angular working together to provide a pleasant and secure use...
Effective Software Test Automation
07-16
Thus, software products are delivered to end users with costly errors. These costs are shared by virtually all businesses in the United States that depend on software for their development, ...
ORA-04045: errors during recompilation/revalidation of LBACSYS.LBAC_EVENTS
weixin_30542079的博客
06-25 641
使用orachk工具检查数据库实例的时候,发现报告里面有类似下面这样一些错误(最近有给Oracle 10g应用补丁PSU 10.2.0.5.180717,不清楚是这个产生的还是其他原因导致),使用脚本检查,发现有很多INVALID对象(具体参考[转载]—Health Check Reports Problem: Dependency$ p_timestamp mismatch for VALID ...
Security: Inside Windows Vista User Account Control | Microsoft Docs
dvlinker的技术专栏
05-02 671
Security: Inside Windows Vista User Account Control
主板上的Debug灯的作用
CURSED!
12-10 3963
适合AwardBIOS   AmiBIOS    PhoenixBIOS或Tandy 3000 BIOS 00:已显示系统的配置;即将控制INI19引导装入。 . 01:处理器测试1,处理器状态核实,如果测试失败,循环是无限的。 处理器寄存器的测试即将开始,不可屏蔽中断即将停用。 CPU寄存器测试正在进行或者失败。 02:确定诊断的类型(正常或者制造)。如果键盘缓冲器含有数据就会失效。 停用...
微星AMD 785G主板的BIOS设置详解
CURSED!
11-05 3224
一、BIOS主菜单 1、Standard CMOS Features   标准CMOS属性 2、Advanced BIOS Features   高级BIOS 属性 3、Integrated Peripherals     整合周边设备 4、Power Management       电源管理 5、H/W Monitor            硬件监测 6、Green P...
盈通785G显卡超频/开核教程
CURSED!
11-05 1556
HT总线调节——消除超频 瓶颈 HT总线频率     AMD处理器 采用HT总线和北桥链接,因此HT总线频率也成为超频的影响因素。在CPU外频过高的情况下,HT总线频率会太高导致超频失败。     虽然盈通 主板 在超频时可以自动调整HT总线频率,但是为了保证更强悍的超频选择和更丰富的超频调整,盈通A785GT额外提供了HT总线调节选项,通过在超频时降低H...
一根铜丝降低北桥温度
CURSED!
11-04 1457
夏天已至,爱机温度也随之逐日攀升,然而让笔者意外的是,温度飙升最快的居然不是CPU,而是不起眼的北桥芯片。在手头缺乏装备及资金的情况下,如何可以降低温度呢?突发奇想,不花一毛钱笔者就达到了这一目的。 寻找北桥过热原因 笔者使用的是780G主板,北桥上仅覆盖着非常简陋的一片铝制散热片,780G芯片组虽然算不上TDP最高的芯片组,不过由于使用的是AMD原装散 热器,北桥散热片得不到CPU风扇...
Helios:微软的又一个操作系统?
CURSED!
10-06 749
多核心操作系统Barrelfish尚还历历在目,今天我们又看到了微软的另一个操作系统项目,代号“Helios”(太阳神).Helios是一个基于卫星内核(satellite kernel)的异构多处理平台,其根源可以追溯到微软的另一个操作系统项目“Singularity”——一个完全以托管代码形式开发的微型内核操作系统和一系列相关工具、库,还衍生出了“Midori”.微软在一份14页的文档中开篇解...
桌面上的超级计算机Tesla
CURSED!
10-04 540
Tesla是继GeForce和Quadro之后,第三个显示核心商标。它是一个新的显示核心系列品牌,主要用于高性能电脑运算,用于对抗AMD的流处理器。NVIDIA将显示核心分为主要三个用途。GeForce系列是用来提供家庭娱乐;Quadro则用于专业缯图设计;Tesla就用于大规模的并联电脑运算。   目前,Tesla有三个系列:   Tesla GPU运算处理器 - 外形与普通显卡大致相同...
network error
04-01
4. Firewall or security settings: Sometimes, firewall or security settings can block network traffic, causing network errors. 5. Congestion: If there is too much traffic on the network, it can cause ...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值