• Corpus ID: 18967885

Introduction to Logic Flaws What Is a Flaw in Code? Where Do These Flaws Come From?

  • Computer Science
Software vulnerabilities are defects in the code that could be exploited. Security expert McGraw separates these into two categories: bugs and flaws [1,2]. Bugs are implementation problems in software, for example an off-by-one error, a buffer overflow, or the use of unsafe methods. Bugs exist only at the code level, can be discovered using scanners, and can typically be fixed on one line or in a localized area. It does not matter what the code is being used for. Flaws, on the other hand…


Exploiting Software: How to Break Code
This book discusses Reverse Engineering and Program Understanding, Reverse Engineering Tools and Concepts, and Buffer Overflows and Embedded Systems, as well as Specific Techniques and Attacks for Server Software.
Toward Black-Box Detection of Logic Flaws in Web Applications
This paper proposes a novel black-box technique to detect logic vulnerabilities in web applications based on the automatic identification of a number of behavioral patterns starting from few network traces in which users interact with a certain application.
Toward Automated Detection of Logic Vulnerabilities in Web Applications
This paper uses dynamic analysis and observes the normal operation of a web application to infer a simple set of behavioral specifications, and uses model checking over symbolic input to identify program paths that are likely to violate these specifications under specific conditions, indicating the presence of a certain type of web application logic flaws.
Software Security: Building Security In
  • G. McGraw
  • Computer Science
    2006 17th International Symposium on Software Reliability Engineering
  • 2006
This book presents a detailed approach to getting past theory and putting software security into practice, and describes a manageably small set of touchpoints based around the software artifacts that you already produce that can be adopted without radically changing the way you work.
Position paper: why are there so many vulnerabilities in web applications?
Evidence, justification, and in-depth analysis are presented to support the position that the Trusted Computing Base of the Web has significant weaknesses and that to build secure stateful applications on top of a weakened TCB, developers have to implement extra protection logic in their web applications.
The trustworthy computing security development lifecycle
  • S. Lipner
  • Computer Science
    20th Annual Computer Security Applications Conference
  • 2004
The trustworthy computing security development lifecycle (or simply the SDL) is described and experience with its implementation across a range of Microsoft software is discussed, showing a significantly reduced rate of external discovery of security vulnerabilities.
Code complete - a practical handbook of software construction, 2nd Edition
This book focuses on programming technique rather than the requirements of a specific programming language or environment. Topics include front-end planning, applying good design techniques to construction, using data effectively, using common and advanced control structures, secrets of self-documenting code, and testing and debugging techniques.
The security development lifecycle : SDL, a process for developing demonstrably more secure software
Part 1: The Need for the SDL; Enough is Enough: The Threats Have Changed; Current Software Development Methods Fail to Produce Secure Software; A Short History of the SDL at Microsoft; SDL for Management
Effective methods for software testing
The three-step process to becoming a world-class software testing organization and the seven-step testing process, which includes building software tester competency, are outlined.
How to Shop for Free Online -- Security Analysis of Cashier-as-a-Service Based Web Stores
The complexity in finding this type of logic flaws in typical CaaS-based checkout systems is studied, and a preliminary understanding of the effort that needs to be made to improve the security assurance of such systems during their development and testing processes is gained.