Seven pernicious kingdoms: a taxonomy of software security errors

Authors: K. Tsipenyuk, B. Chess, G. McGraw

DOI: 10.1109/MSP.2005.159

Keywords:

Abstract: Taxonomies can help software developers and security practitioners understand the common coding mistakes that affect security. The goal is to avoid making these mistakes and to more readily identify security problems whenever possible. Because developers today are by and large unaware of the security problems they (unknowingly) introduce into code, a taxonomy of coding errors should provide a real, tangible benefit to the software security community. Although the taxonomy proposed here is incomplete and imperfect, it provides an important first step. It focuses on collecting common errors and explaining them in a way that makes sense to programmers. This new taxonomy is made up of two distinct kinds of sets, which we're stealing from biology: a phylum (a type of coding error, such as an illegal pointer value) and a kingdom (a collection of phyla that shares a common theme, such as input validation and representation). Both kingdoms and phyla naturally emerge from a soup of coding rules relevant to enterprise software, and it's for this reason that this taxonomy is likely to be incomplete and might lack certain errors. In some cases, it's easier and more effective to talk about a category of errors than about any particular attack. Although categories are certainly related to attacks, they aren't the same as attack patterns.
