An overview of common programming security vulnerabilities and possible solutions

On this page you will find my master's thesis:

An overview of common programming security vulnerabilities and possible solutions

Author: Yves Younan
Published as: Master's Thesis, Vrije Universiteit Brussel
Date: August 2003

Programming security vulnerabilities are the most common cause of software se-
curity breaches in current day computing. While these can easily be avoided by
an attentive programmer, many programs still contain these kinds of vulnerabil-
ities. This document will describe what the most commonly occuring ones are
and will then explain how these can be abused to make a program do something
it did not intend to do. We will then take a look at how a recent vulnerability
in a popular piece of software was exploited to allow an attacker to take control of
the execution flow of that program. Several solutions exist to detect and prevent
many, though not all, of the vulnerabilities described in this document in existing
programs without requiring source code modifications, and in some cases without
even requiring access to the source code to the applications. We will take an in-
depth look at how these solutions are implemented and what their effects are on
legitimate programs, how they attempt to mitigate the restrictions they impose and
what their impact is on the performance of the programs they attempt to protect.
We will also describe if and how these solutions can be bypassed.