Posts

Showing posts from March 30, 2014

Security Holes – Part 2

In Part 1 of this post we spoke about security holes and two sources of vulnerabilities: buffer overflow and SQL injection. We will cover the next three sources in this post.

Integer Overflow

An integer overflow occurs when an arithmetic operation produces a value that does not fit in the integer type holding the result. In most implementations the high-order bits are discarded and only the least significant representable bits are stored, so the value silently wraps (modulo 2^n for an n-bit unsigned type; for signed types in C and C++ the behaviour is undefined, and an optimising compiler may remove a check that assumes the value wrapped). The dangerous cases are length and size calculations: a wrapped value passes a bounds check and then drives a copy or an allocation that is far larger or smaller than intended.

Causes
- Poor validation of arithmetic operations
- Lack of awareness of casting order and of the implicit casts performed by operators (integer promotion, signed/unsigned conversion in comparisons and in calls)
- Failing to enforce the assumptions made about a value's range

Redemption
- Choose your datatypes carefully
- Do not rely on implicit typecasts
- Enforce your assumptions with explicit validation and appropriate variable datatypes

Error Handling

Error handling refers to the anticipation, detection, and resolution of errors at run time. An example is the lack of sufficient memory to run an application or a m...
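The three Causes and the three Redemption points above, shown side by side in C. This is an added example and not code from the original post or from Calsoft; the record layout, the constants HEADER_LEN and MAX_COPY, the function names and the sample values are all constructed for illustration. Each vulnerable helper returns the value the flawed check or conversion produces rather than performing the unsafe memcpy or malloc, so the wrap is visible without crashing.

```c
/* Added example, not from the original post. Constants, function names
 * and sample values below are constructed for illustration. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define HEADER_LEN 4u    /* constructed: size of a record header      */
#define MAX_COPY   128   /* constructed: largest copy the app allows   */

/* Cause 1: "poor validation of arithmetic operations".
 * len is a 32-bit length field from an untrusted record. Adding the
 * header size BEFORE comparing lets the sum wrap in uint32_t:
 * 0xFFFFFFFE + 4 == 2, which is <= remaining, so a later memcpy(len)
 * would read ~4 GiB past the buffer. Returns 1 if the flawed check
 * accepts the record. */
int vuln_length_ok(uint32_t len, uint32_t remaining) {
    return (len + HEADER_LEN) <= remaining;      /* wraps for large len */
}

/* Redemption: rearrange so no intermediate can wrap. Once we know
 * remaining >= HEADER_LEN the subtraction cannot underflow. */
int safe_length_ok(uint32_t len, uint32_t remaining) {
    if (remaining < HEADER_LEN) return 0;
    return len <= remaining - HEADER_LEN;
}

/* Cause 2: "implicit casts from operators". The bound is checked on a
 * signed int, so a negative n passes, but memcpy takes size_t and the
 * implicit conversion turns -5 into 2^64-5 on a 64-bit target. This
 * helper returns the byte count memcpy would receive. 0 means rejected. */
size_t vuln_copy_len(int n) {
    if (n > MAX_COPY) return 0;                  /* negative n passes   */
    return (size_t)n;                            /* -5 becomes SIZE_MAX-4 */
}

/* Redemption: enforce the assumption "n is a non-negative count no larger
 * than MAX_COPY" explicitly, in the signed type, before converting. */
int safe_copy_len(int n, size_t *out) {
    if (n < 0 || n > MAX_COPY) return 0;
    *out = (size_t)n;
    return 1;
}

/* Cause 3: "failing to enforce assumptions" in allocation sizing.
 * count * elem_size is the classic place for a wrap (a tiny malloc
 * followed by a huge loop). Check with a division, which cannot itself
 * overflow, instead of trusting the product. */
int safe_mul_size(size_t count, size_t elem_size, size_t *out) {
    if (elem_size != 0 && count > SIZE_MAX / elem_size) return 0;
    *out = count * elem_size;
    return 1;
}

int main(void) {
    size_t n = 0;
    printf("vuln length check (len=0xFFFFFFFE, remaining=64): %s\n",
           vuln_length_ok(0xFFFFFFFEu, 64) ? "ACCEPTED (bug)" : "rejected");
    printf("safe length check (same input):                  %s\n",
           safe_length_ok(0xFFFFFFFEu, 64) ? "accepted" : "rejected");
    printf("vuln copy length for n=-5: %zu bytes\n", vuln_copy_len(-5));
    printf("safe copy length for n=-5: %s\n",
           safe_copy_len(-5, &n) ? "accepted" : "rejected");
    printf("safe_mul_size(SIZE_MAX/2+1, 2): %s\n",
           safe_mul_size(SIZE_MAX / 2 + 1, 2, &n) ? "ok" : "rejected (would wrap)");
    return 0;
}
```

The pattern in every hardened helper is the same: decide the range a value must be in, check it in a type that can hold every input you may receive, and only then convert or compute. GCC and Clang also provide __builtin_add_overflow and __builtin_mul_overflow for the same checks, but the division form above is portable C.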

Security Holes – Part 1

Technically, ‘vulnerability’ is a cyber-security term that refers to a flaw in a system that can leave it open to attack. In computing, a resource (physical or logical) may have one or more vulnerabilities that can be exploited by a threat agent in a threat action. The result can compromise the confidentiality, integrity or availability of resources belonging to an organization. A vulnerability is exploitable only if the system has a security flaw, an attacker has access to the flaw, and the attacker has the capability to exploit it. This is where the ‘security hole’ comes into the picture. Security holes/bugs are faults, defects, or programming errors; the set of such flaws that an attacker can reach is often referred to as the system's ‘attack surface’. At Calsoft, we follow our internal coding conventions and practices to keep security violations at bay. These conventions are designed and managed by a highly experienced team of experts who continuously strive to make i...