Vulnerabilities
Vulnerability Finding Today
Security bugs can bring $500-$100,000 on the open market
Good bug finders make $180-$250/hr consulting
Few companies can find good people; many don’t even realize this is possible.
Still largely a black art
Security Vulnerabilities
What can security bugs let an attacker do?
avoid authentication
escalate privilege
bypass a security check
deny service (crash the program / hose its configuration)
run code remotely
Vulnerabilities
Basic Concepts
Techniques for Detecting Vulnerabilities
Classification of Vulnerabilities
Vulnerability Assessment
Basic Concepts
What Are Software Vulnerabilities?
A software vulnerability is an instance of a fault in the specification, development, or configuration of software such that its execution can violate the (implicit or explicit) security policy.
Sources of Vulnerabilities
Among the most frequently mentioned sources of security vulnerability problems are
design flaws
incorrect implementation
poor security management
social engineering
Examples
Vulnerability Distributions Across Operating Systems
Locations of observed vulnerabilities
The majority of the vulnerabilities occurred in applications: RedHat Linux (79%), Windows 2000 (77%), and Solaris (90%)
Only 10% to 20% of the vulnerabilities are in the underlying operating systems themselves
Example: Where is the Vulnerability?
#include <unistd.h>   /* read(), size_t */

int read_packet(int fd)
{
    char header[50];
    char body[100];
    size_t bound_a = 50;    /* intended bound for header[] */
    size_t bound_b = 100;   /* intended bound for body[] */
    read(fd, header, bound_b);   /* bug: up to 100 bytes land in the 50-byte header[] (bound_a was meant) */
    read(fd, body, bound_b);
    return 0;
}
Answer: the first read() uses bound_b instead of bound_a, so an attacker who sends more than 50 bytes overflows header[] on the stack.
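A hardened counterpart to the slide's read_packet, added here as an example and not code from the slides: every read length is derived from sizeof the destination buffer, so a 50/100 mix-up cannot reach the wrong buffer, and short reads or an early EOF (which the slide's code silently ignores) are treated as a truncated packet. The names struct packet, read_exact, read_packet_safe and demo_parse, and the pipe-fed 150-byte packet, are all constructed for this illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define HEADER_LEN 50
#define BODY_LEN   100

/* Wire layout assumed for the example: fixed 50-byte header, 100-byte body. */
struct packet {
    char header[HEADER_LEN];
    char body[BODY_LEN];
};

/* Read exactly `len` bytes into `buf`, looping over short reads.
 * Returns 0 on success, -1 on a read error or EOF before `len` bytes. */
static int read_exact(int fd, void *buf, size_t len)
{
    unsigned char *p = buf;
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, p + got, len - got);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        if (n == 0)
            return -1;          /* peer closed early: truncated packet */
        got += (size_t)n;
    }
    return 0;
}

/* Hardened read_packet: the bound for each read is sizeof the buffer it
 * fills, so there is no separate length variable to mix up. */
int read_packet_safe(int fd, struct packet *pkt)
{
    if (read_exact(fd, pkt->header, sizeof pkt->header) < 0)
        return -1;
    if (read_exact(fd, pkt->body, sizeof pkt->body) < 0)
        return -1;
    return 0;
}

/* Constructed test harness: push the first `total_bytes` of a 150-byte
 * packet ('H' * 50 then 'B' * 100) through a pipe, close the writer, and
 * parse. Returns read_packet_safe's result (0 = parsed, -1 = rejected). */
int demo_parse(size_t total_bytes, struct packet *out)
{
    int fds[2];
    unsigned char wire[HEADER_LEN + BODY_LEN];
    size_t i;
    int rc;

    if (total_bytes > sizeof wire)
        return -1;
    for (i = 0; i < sizeof wire; i++)
        wire[i] = (i < HEADER_LEN) ? 'H' : 'B';

    if (pipe(fds) < 0)
        return -1;
    if (write(fds[1], wire, total_bytes) != (ssize_t)total_bytes) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    close(fds[1]);              /* simulate the peer hanging up */

    memset(out, 0, sizeof *out);
    rc = read_packet_safe(fds[0], out);
    close(fds[0]);
    return rc;
}

int main(void)
{
    struct packet p;
    printf("full 150-byte packet:  %s\n", demo_parse(150, &p) == 0 ? "parsed" : "rejected");
    printf("truncated 120 bytes:   %s\n", demo_parse(120, &p) == 0 ? "parsed" : "rejected");
    return 0;
}
```

The design point is that a length passed to read() should never be a free-standing integer that happens to match a buffer declared elsewhere; tying it to sizeof the destination removes the class of bug the slide asks you to find, and checking read()'s return value closes the second hole, partially filled buffers that the original treats as complete.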
Source: 网络攻击与防范 3 - 漏洞 (Network Attack and Defense, lecture 3: Vulnerabilities)