Wouldn’t life be easier if we didn’t have to worry about the exploitation of vulnerabilities in the solutions and software on which we have spent good time and resources? A world where correctly configured systems were left alone to perform their functions until they became redundant and/or needed replacing?

It is a beautiful dream. Sadly, it’s also a highly unrealistic one.


Adobe, Microsoft, Debian, Chrome and Fedora are all software producers that are likely to show up in your network in some shape or form. They also all feature in the 2019 list of the top 10 vendors with the highest reported security vulnerabilities.

MITRE, the company which maintains the CVE list of vulnerabilities, counts a whopping 1,370 vulnerabilities shared between the 10 of them this year alone.

With so many vulnerabilities in well-used software and solutions, it can be hard to know which types of vulnerabilities to concentrate your security efforts on. But I’m all for making life a little easier. With that in mind, here are 6 types of vulnerabilities which we think you should be aware of.

Buffer Attacks

Buffers are areas of memory which software uses as temporary storage before data is processed or transmitted. Unfortunately, early programmers failed to protect them, and some still struggle with this, which explains why buffer attacks remain one of the most well-known attack vectors even today.

There are two common buffer attacks:

  • The buffer overflow, where a buffer is filled with more data than its maximum size allows. This causes the software to crash or, in some cases, initiate a reboot.
  • Out-of-bounds reads/writes, where read and write operations take place outside the buffer’s memory location. This can allow unauthorized access to, and writing of, other areas of the software’s memory, which can have unintended outcomes.
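As an added illustration (not code from the original post), the two failure modes above in C: an unchecked copy that can overrun its buffer, shown for contrast only, next to bounds-checked copy and read helpers that reject input which does not fit. The buffer size, function names and sample bytes are constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

#define BUF_SIZE 16   /* constructed size for the example */

/* The pattern the text warns about: strcpy copies until it sees a NUL,
 * never consulting the destination size. Input of BUF_SIZE bytes or more
 * overruns buf (a buffer overflow). Defined for contrast, never called. */
void copy_unchecked(const char *src) {
    char buf[BUF_SIZE];
    strcpy(buf, src);   /* no length check against sizeof buf */
    (void)buf;
}

/* Hardened copy: refuses a string that does not fit, terminating NUL
 * included, so the destination can never be overrun. Returns 0 on
 * success and -1 when the input is rejected. */
int copy_checked(char *dst, size_t dst_size, const char *src) {
    size_t n = strlen(src);
    if (dst_size == 0 || n >= dst_size) {
        return -1;                 /* reject instead of overflowing */
    }
    memcpy(dst, src, n + 1);       /* n bytes plus the NUL */
    return 0;
}

/* Hardened indexed read: an index at or past len is an error, not a
 * read of whatever happens to sit next to the buffer in memory. */
int read_checked(const uint8_t *buf, size_t len, size_t idx, uint8_t *out) {
    if (idx >= len) {
        return -1;                 /* out-of-bounds read rejected */
    }
    *out = buf[idx];
    return 0;
}

int main(void) {
    char dst[BUF_SIZE];
    uint8_t data[4] = {0xde, 0xad, 0xbe, 0xef};   /* constructed sample */
    uint8_t b = 0;
    printf("fits:       %d\n", copy_checked(dst, sizeof dst, "short string"));
    printf("too long:   %d\n", copy_checked(dst, sizeof dst, "this will not fit the buffer"));
    printf("in range:   %d\n", read_checked(data, sizeof data, 3, &b));
    printf("oob index:  %d\n", read_checked(data, sizeof data, 4, &b));
    return 0;
}
```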

SQL Injection

It (Read more...)