7 Ways Poor Resource Management Compromises Software Security
Here are 7 ways in which poor resource management on behalf of the programmer or developer can leave software vulnerable to security threats.
Classic Buffer Overflow
The issue in question is exactly as the name suggests – pour a lot of information in a tiny amount of space and some of it is bound to overflow. The word ‘classic’ is used as a prefix because this problem has been around since the very early days of C-programming. Some things indeed never change. There are numerous mistakes one can make that end up triggering a buffer overflow.
Data transfer may seem like the simplest thing in the world, but in reality, even the simplest data transfer process is anything but simple. It is unbelievable the number of times sensitive files are left exposed; files that you would rather have protected. All an attacker needs is momentary access to these files and time enough to provide input when constructing a filename.
Failure to perform integrity check on code
Coding has become very easy these days thanks to vast number of resources online that allow programmers and developers to download codes and use them in their projects. Of course, downloading and using such codes means trusting the source. Even if the website you download codes from is trustworthy, attackers can always mess around with various components and make you download malicious codes.
Functionalities from Untrusted Control Spheres
A simple way to construct a program is to build little pieces and then combine them to for the actual program. Building it in pieces helps ensure that the programmer can pay close attention to the coding problems of every specific piece. However, if a hacker can influence the location of even one of those pieces, then you are asking for trouble. The code within that one piece can bring the entire program down.
Every programmer has access to a number of tools that can make his or her life much easier. However, these tools are often double-edged swords. If not configured properly, the potentially dangerous functions can cause havoc due to misuse.
As mentioned previously, buffer overflow is a very common issue, and has been for some time. However, the problem is not always too much information. Sometimes, the amount of data is just right; it is the size of the buffer that is too small. When a programmer miscalculates the size of the required buffer, a buffer overflow becomes inevitable. Although it seems like a minor issue, it is so prevalent that it has found itself a place in the SANS 25 list.
Uncontrolled Format String
A programmer always has to stay in control of his format strings. An uncontrolled format string is too tempting a loophole, just sitting and waiting to be exploited. An attacker can easily identify an uncontrolled format string and change the input and output parameters in order to execute a particular code.
The 7 vulnerabilities listed above show us just exactly why resource management is a crucial aspect of software development and why programmers should not take it lightly.