Application Vulnerabilities

Application software is any software that causes a computer to perform useful tasks beyond the running of the computer itself. The term is used to contrast such software with system software (the operating system), which manages and integrates a computer’s capabilities but does not directly perform tasks that benefit the user.
Depending on the activity for which it was designed, an application can manipulate text, numbers, graphics, or a combination of these elements. Some application packages offer considerable computing power by focusing on a single task, such as word processing; others, called integrated software, offer somewhat less power but include several applications.
According to MITRE’s CVE Terminology, a vulnerability is a state in a computing system (or set of systems) that either:

  • allows an attacker to execute commands as another user
  • allows an attacker to access data that is contrary to the specified access restrictions for that data
  • allows an attacker to pose as another entity
  • allows an attacker to conduct a denial of service

Examples of vulnerabilities include:

  • phf (remote command execution as user “nobody”)
  • rpc.ttdbserverd (remote command execution as root)
  • world-writeable password file (modification of system-critical data)
  • default password (remote command execution or other access)
  • denial of service problems that allow an attacker to cause a Blue Screen of Death
  • smurf (denial of service by flooding a network)
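
The world-writeable password file in the list above is a condition a defender can check for directly from the file's permission bits. The following audit is an added example, not part of the original page; the function names and the sample file are constructed for illustration, and a stand-in file is used rather than the real /etc/passwd.

```python
import os
import stat
import tempfile


def audit_path(path):
    """Return a list of permission findings for one security-critical file."""
    findings = []
    st = os.lstat(path)  # lstat: do not follow a symlink planted in place of the file
    if stat.S_ISLNK(st.st_mode):
        findings.append("is a symlink")
        return findings
    if st.st_mode & stat.S_IWOTH:
        findings.append("world-writable")
    if st.st_mode & stat.S_IWGRP:
        findings.append("group-writable")
    # A world-writable parent directory lets any user replace the file,
    # unless the sticky bit restricts deletion and renaming to the owner.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & stat.S_IWOTH and not parent.st_mode & stat.S_ISVTX:
        findings.append("parent directory world-writable without sticky bit")
    return findings


def demo():
    """Audit a constructed stand-in for a password file before and after a fix."""
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o755)
        target = os.path.join(d, "passwd")  # constructed sample, not /etc/passwd
        with open(target, "w") as f:
            f.write("root:x:0:0:root:/root:/bin/sh\n")
        os.chmod(target, 0o666)  # the vulnerable state from the list
        weak = audit_path(target)
        os.chmod(target, 0o644)  # owner-writable only
        fixed = audit_path(target)
    return weak, fixed


if __name__ == "__main__":
    weak, fixed = demo()
    print("mode 0666:", weak)
    print("mode 0644:", fixed)
```

The parent-directory check matters because a file with correct permissions can still be swapped out by anyone who can write to the directory that holds it.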

Computer criminals exploit vulnerabilities in order to disrupt computer operation, gather sensitive information, or gain access to private computer systems. Such an attack can come in the form of code, scripts, active content, or any other kind of hostile and intrusive software. With the help of malware code, an attacker could steal sensitive information of personal, financial, or business importance.
An attack that uses such a “weakness” in the application could be:

  • active attack – it attempts to alter system resources or affect their operation
  • passive attack – it attempts to learn or make use of information from the system but does not affect system resources
  • inside attack – it is an attack initiated by an entity inside the security perimeter, i.e., an entity that is authorized to access system resources but uses them in a way not approved by those who granted the authorization
  • outside attack – it is an attack initiated from outside the perimeter, by an unauthorized or illegitimate user of the system (an “outsider”). On the Internet, potential outside attackers range from amateur pranksters to organized criminals, international terrorists, and hostile governments.

Mitigation
Vulnerability mitigation techniques follow some basic rules:

  • Regular patching of the operating system
  • Installing only the minimum set of software applications, because they too could have vulnerabilities
  • Use of a virtual security appliance that has traffic isolation and firewalling capabilities
  • Use of antivirus software
  • Stateful inspection firewall against network threats