• The 3 important properties which ensures that a program is
secure is 1.Confidentiality 2.Integrity 3.Availability
• An assessment of security can be the quality of the software
• In general ,developers often look at the quantity and types of
flaws for evidence of a product’s quality • One approach to judging quality in . security has been fixing faults • “A software that has many faults early on is likely to have many others still waiting to be found” • Early work in security was based on the paradigm of “penetrate and patch”, in which analysts searched for and repaired faults quickly. • However, this approach made the system less secure. There are 3 reasons why? 1. It focuses only on the fault and not on the context 2. Had many side effects 3. The system cannot be fixed properly because system functionality or performance would suffer as a consequence. • The inadequacies of “penetrate. and patch” approach led researchers to seek a better way to be confident that code meets its requirements.
• One way to do is to compare the requirements with the
behaviour
• The unexpected behaviour of system is called as program
security flaw
• These flaw are categorized into 2 types
1. Intentional 2. Inadvertent . • Intentional flaws are further divided into 1. Malicious 2. Non- malicious
• Inadvertent flaws are further divided into
1. Validation error 2. Domain error 3. Serialization and aliasing 4. Inadequate identification and authentication 5. Boundary condition violation 6. Other exploitable logic errors