***Welcome to ashrafedu.blogspot.com * * * This website is maintained by ASHRAF***


    Friday, April 29, 2022

    Software Vulnerability

    A software vulnerability is a defect in software that could allow an attacker to gain control of a system. These defects can be because of the way the software is designed, or because of a flaw in the way that it’s coded.

    An attacker first finds out whether a system has a software vulnerability by scanning it.  The scan can tell the attacker what types of software are on the system, whether they are up to date, and whether any of the software packages are vulnerable.  With that information, the attacker has a better idea of what types of attacks to launch against the system.  A successful attack would result in the attacker being able to run malicious commands on the target system.

    An attacker can exploit a software vulnerability to steal or manipulate sensitive data, join a system to a botnet, install a backdoor, or plant other types of malware.  Also, after compromising one network host, the attacker could use that host to break into other hosts on the same network.

    I. Causes of a Software Vulnerability

    There are two main things that can cause a software vulnerability. 

    i. A flaw in the program’s design, such as in the login function, could introduce a vulnerability.  

    ii. Even if the design is perfect, there could still be a vulnerability if there’s a mistake in the program source code.

    Coding errors could introduce several types of vulnerabilities, which include the following:

    Buffer overflows – These allow someone to put more data into an input field than the field is supposed to allow.  An attacker can take advantage of this by placing malicious commands into the overflow portion of the data field, which would then execute.

    SQL Injection – This could allow an attacker to inject malicious commands into the database of a web application.  The attacker can do this by entering specially-crafted Structured Query Language commands into either a data field of a web application form, or into the URL of the web application.  If the attack is successful, the unauthorized and unauthenticated attacker would be able to retrieve or manipulate data from the database.

    Third-party libraries – Many programmers use third-party code libraries, rather than try to write all software from scratch.  This can be a real time-saver, but it can also be dangerous if the library has any vulnerabilities.  Before using any of these libraries, developers need to verify that they don’t have vulnerabilities.

    Application Programming Interfaces – An API, which allows software programs to communicate with each other, could also introduce a software vulnerability.  Many APIs are not set up with strict security policies, which could allow an unauthenticated attacker to gain entry into a system.
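The SQL injection item above, shown as a vulnerable lookup beside its hardened form. This is an added example, not code from the original post; the `notes` table, its rows, the function names and the crafted input are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (owner TEXT, body TEXT)")
    db.executemany("INSERT INTO notes VALUES (?, ?)",
                   [("alice", "budget draft"),
                    ("bob", "server inventory"),
                    ("carol", "payroll export")])
    return db

def notes_vulnerable(db, owner):
    # Vulnerable: the form value is pasted into the SQL text, so a quote
    # character in the input changes the structure of the query.
    query = "SELECT body FROM notes WHERE owner = '" + owner + "' ORDER BY body"
    return [row[0] for row in db.execute(query)]

def notes_safe(db, owner):
    # Hardened: the placeholder fixes the query structure first and the
    # driver passes the input purely as data.
    query = "SELECT body FROM notes WHERE owner = ? ORDER BY body"
    return [row[0] for row in db.execute(query, (owner,))]

# Constructed input: turns the WHERE clause into "owner = 'nobody' OR '1'='1'".
CRAFTED = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("normal lookup :", notes_safe(db, "alice"))
    print("vulnerable    :", notes_vulnerable(db, CRAFTED))  # every user's rows
    print("parameterized :", notes_safe(db, CRAFTED))        # no rows
    try:
        # A harmless name containing an apostrophe also breaks the query.
        notes_vulnerable(db, "o'brien")
    except sqlite3.OperationalError as exc:
        print("vulnerable version fails on o'brien:", exc)
    print("parameterized on o'brien:", notes_safe(db, "o'brien"))
```

The parameterized version also handles legitimate input that contains a quote, which the concatenated query rejects with a syntax error.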

    Prevention:

    The best way to deal with a software vulnerability is to prevent it from happening in the first place.  Software developers need to learn secure coding practices, and automatic security testing must be built into the entire software development process.

    Software developers are responsible for continually monitoring publications of new vulnerabilities that affect the software they have sold. Once such a vulnerability is discovered, they must patch it as quickly as possible and send an update to the users.

    End users have the responsibility of keeping their systems up to date, especially by installing security-related software patches.

    Types of Vulnerabilities

    The most common types of cyber security vulnerabilities:

    System Misconfigurations

    Network assets that have disparate security controls or vulnerable settings can result in system misconfigurations. Cybercriminals commonly probe networks for system misconfigurations and gaps that look exploitable. Due to the rapid digital transformation, network misconfigurations are on the rise. Therefore, it is important to work with experienced security experts during the implementation of new technologies.

    Out-of-date or Unpatched Software

    Similar to system misconfigurations, hackers tend to probe networks for unpatched systems that are easy targets. These unpatched vulnerabilities can be exploited by attackers to steal sensitive information. To minimize these kinds of risks, it is essential to establish a patch management schedule so that all the latest system patches are implemented as soon as they are released.
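One way to automate the check described here and in the third-party libraries item earlier: compare a pinned software inventory against advisories that name the first fixed version. This is an added example, not part of the original post; the package names, advisory IDs and versions are constructed placeholders.

```python
import re

# Constructed advisory feed: package -> [(advisory id, first fixed version)].
ADVISORIES = {
    "examplelib": [("EXAMPLE-ADV-0001", "2.4.1")],
    "fastparse": [("EXAMPLE-ADV-0002", "1.10.0"), ("EXAMPLE-ADV-0003", "1.9.3")],
}

# Constructed inventory in requirements.txt style.
INVENTORY = """\
examplelib==2.4.0
fastparse==1.9.12   # pinned last year
safepkg==0.3.0
unpinned-lib>=1.0
"""

def version_key(text):
    # Compare versions numerically: as strings, "1.9.12" would sort
    # before "1.9.3" and after "1.10.0", which is wrong both times.
    return tuple(int(part) for part in text.split("."))

def audit(inventory, advisories):
    """Return (findings, unverifiable) for an inventory listing."""
    findings, unverifiable = [], []
    for raw in inventory.splitlines():
        line = raw.split("#")[0].strip()
        if not line:
            continue
        match = re.fullmatch(r"([A-Za-z0-9_.-]+)==(\d+(?:\.\d+)*)", line)
        if not match:
            # Without an exact pin the installed version is unknown,
            # so the entry cannot be cleared or flagged.
            unverifiable.append(line)
            continue
        name, installed = match.group(1).lower(), match.group(2)
        for adv_id, fixed in advisories.get(name, []):
            if version_key(installed) < version_key(fixed):
                findings.append((name, installed, adv_id, fixed))
    return findings, unverifiable

if __name__ == "__main__":
    findings, unverifiable = audit(INVENTORY, ADVISORIES)
    for name, installed, adv_id, fixed in findings:
        print(f"{name} {installed}: {adv_id}, upgrade to {fixed} or later")
    for entry in unverifiable:
        print(f"cannot verify (not pinned): {entry}")
```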

    Missing or Weak Authorization Credentials

    A common tactic that attackers use is to gain access to systems and networks through brute force, such as guessing employee credentials. That is why it is crucial that employees be educated on the best practices of cybersecurity so that their login credentials are not easily exploited.

    Malicious Insider Threats

    Either with malicious intent or unintentionally, employees with access to critical systems sometimes end up sharing information that helps cyber criminals breach the network. Insider threats can be really difficult to trace as all actions will appear legitimate. To help fight against these types of threats, one should invest in network access control solutions, and segment the network according to employee seniority and expertise.

    Missing or Poor Data Encryption

    It’s easier for attackers to intercept communication between systems and breach a network if it has poor or missing encryption. When information is poorly encrypted or unencrypted, cyber adversaries can extract critical information and inject false information onto a server. This can seriously undermine an organization’s efforts towards cyber security compliance and lead to fines from regulatory bodies.

    Zero-day Vulnerabilities

    Zero-day vulnerabilities are specific software vulnerabilities that attackers have caught wind of but that have not yet been discovered by an organization or user.

    There are no available fixes or solutions since the vulnerability has not yet been detected or announced by the system vendor. These are especially dangerous as there is no defense against such vulnerabilities until after the attack has happened. Hence, it is important to remain cautious and continuously monitor systems for vulnerabilities to minimize zero-day attacks.

    Cyber Security Vulnerabilities

    In cyber security, a vulnerability is a weakness that can be exploited by cybercriminals to gain unauthorized access to a computer system. After exploiting a vulnerability, an attacker can run malicious code, install malware and even steal sensitive data.

    Vulnerabilities can be exploited by a variety of methods including SQL injection, buffer overflows, cross-site scripting (XSS) and open-source exploit kits that look for known vulnerabilities and security weaknesses in web applications.

    I. Causes of Vulnerabilities

    There are many causes of vulnerabilities including:

    Complexity

    Complex systems increase the probability of flaws, misconfigurations or unintended access.

    Familiarity

    Common code, software, operating systems and hardware increase the probability that an attacker can find or has information about known vulnerabilities.

    Connectivity

    The more connected a device is, the higher the chance of a vulnerability.

    Poor Password Management

    Weak passwords can be broken with brute force, and reusing passwords can result in one data breach becoming many.

    Operating System Flaws

    Like any software, operating systems can have flaws. Operating systems that are insecure by default may allow any user to gain access and potentially inject viruses and malware.

    Internet Usage

    The Internet is full of spyware and adware that can be installed automatically on computers.

    Software Bugs

    Programmers can accidentally or deliberately leave an exploitable bug in software. Sometimes end users fail to update their software, leaving it unpatched and vulnerable to exploitation.

    Unchecked User Input

    If your website or software assumes all input is safe, it may execute unintended SQL commands.

    People

    The biggest vulnerability in any organization is the human at the end of the system. Social engineering is the biggest threat to the majority of organizations.

    II. Vulnerabilities Classification

    Vulnerabilities can be classified into six broad categories:

    1. Hardware

    Susceptibility to humidity, dust, soiling, natural disaster, poor encryption or firmware vulnerability.

    2. Software

    Insufficient testing, lack of audit trail, design flaws, memory safety violations (buffer overflows, over-reads, dangling pointers), input validation errors (code injection, cross-site scripting (XSS), directory traversal, email injection, format string attacks, HTTP header injection, HTTP response splitting, SQL injection), privilege-confusion bugs (clickjacking, cross-site request forgery, FTP bounce attack), race conditions (symlink races, time-of-check-to-time-of-use bugs), side channel attacks, timing attacks and user interface failures (blaming the victim, race conditions, warning fatigue).

    3. Network

    Unprotected communication lines, man-in-the-middle attacks, insecure network architecture, lack of authentication or default authentication.

    4. Personnel

    Poor recruiting policy, lack of security awareness and training, poor adherence to security training, poor password management or downloading malware via email attachments.

    5. Physical site

    Area subject to natural disaster, unreliable power source or no keycard access.

    6. Organizational

    Lack of audit, continuity plan, security or incident response plan.

    Network session analysis

    Network session analysis is a method of monitoring network activity and availability to identify issues, such as ...