As-salamu alaykum,
I was reading about the "buffer overflow" topic, then Software Vulnerabilities.
I wanted to share this info with you ...
wikipedia wrote:
In computer security, the term vulnerability
is applied to a weakness in a system which allows an attacker to
violate the integrity of that system. Vulnerabilities may result from weak passwords, software bugs, a computer virus or other malware, a script code injection, or a SQL injection. A security risk is classified as a vulnerability if it is recognized
as a possible means of attack. A security risk with one or more known
instances of working and fully-implemented attacks is classified as an exploit.
Constructs in programming languages that are difficult to use properly can be a large source of vulnerabilities.
wikipedia wrote:
- Password Management Flaws – The computer user uses weak passwords
that could be discovered by brute force. The computer user stores the
password on the computer where a program can access it. Users re-use
passwords between many programs and websites.
- Fundamental Operating System Design Flaws – The operating
system designer chooses to enforce sub optimal policies on user/program
management. For example operating systems with policies such as default permit
grant every program and every user full access to the entire computer.
This operating system flaw allows viruses and malware to execute
commands on behalf of the administrator. [1]
- Software Bugs – The programmer leaves an exploitable bug in
a software program. The software bug may allow an attacker to misuse an
application through (for
- Unchecked User Input – The program
assumes that all user input is safe. Programs that do not check user
input can allow unintended direct execution of commands or SQL
statements (known as Buffer overflows, SQL injection or other non-validated inputs).
more info:
http://en.wikipedia.org/wiki/Software_vulnerabilities
salam
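
The "Unchecked User Input" item quoted above, shown as an added example that is not part of the original post or the Wikipedia article: the same lookup written with the input pasted into the SQL text and with a bound parameter. The table, names and inputs are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data, in-memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "a-secret"), ("bob", "b-secret"), ("O'Brien", "o-secret")],
    )
    return db


def lookup_unchecked(db, name):
    # Weak form: the input becomes part of the SQL statement itself,
    # so a quote character in it changes what the database parses.
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(query)]


def lookup_parameterized(db, name):
    # Corrected form: the placeholder binds the input as a value,
    # so it is compared as data and never parsed as SQL.
    query = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in db.execute(query, (name,))]


def run(lookup, db, name):
    # Returns the matching names, or None if the database rejected the query.
    try:
        return lookup(db, name)
    except sqlite3.Error:
        return None


if __name__ == "__main__":
    db = make_db()
    for value in ["alice", "O'Brien", "nobody' OR '1'='1"]:
        print(repr(value))
        print("  unchecked    :", run(lookup_unchecked, db, value))
        print("  parameterized:", run(lookup_parameterized, db, value))
```

With the concatenated query, a legitimate name containing an apostrophe fails outright and a value that closes the quote matches every row; the parameterized query returns only exact matches in both cases.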