Vulnerabilities

Software is developed to fulfil a given purpose, and developers aim to maximize their compliance with stories, use cases, APIs and a myriad of dependencies. While development progresses, bugs and (design) flaws are introduced into systems, sometimes reaching exposed interfaces, and becoming a vulnerability to the correct execution of the system.

This lecture will explore what is a vulnerability and what is the role of vulnerabilities and vulnerability tracking.

Download Links: Portuguese English

Recommended reading:

• Security in Computing, 5th edition, C. P. Pfleeger, S. L. Pfleeger: Chap 7
  • You can use your University email with SSO to access this resource
• Segurança em Redes Informáticas, A. Zúquete, Chap. 2
• Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors
• Sasha Romanosky, Examining the costs and causes of cyber incidents, Journal of Cybersecurity, Volume 2, Issue 2, December 2016, Pages 121–135, https://doi.org/10.1093/cybsec/tyw001

Relevant web resources

• OWASP Top 10
• OWASP: Open Web Application Security Project
• Wikipedia: Zero-day vulnerability
• CVE (Common Vulnerabilities and Exposures) @ Wiki
• CVE @ MITRE
• CWE (Common Weakness Enumeration)
• CERT.PT
• Rede Nacional de CSIRTs
• CSIRT (Computer Security Incident Response Team)
• CSIRT @ UA