Security vulnerability in software

SQL Injection  SQL injection is the way by which attacker try to hack your data using interface provided by your application. See following example where attacker going to access your application. suppose following interface our application having to login. If we are having following authentication checks then your application definitely  going to be hack easily. conn = connectionPool.getConnection(); String sql = "select USER_ID from USER_INFO where USER_NAME =  ' " + request.getParameter("userName") + " ' AND PASSWORD = ' " +  request.getParameter("pass") +" ' "; Statement stmt = conn.createStatement(); ResultSet rs = stmt.executeQuery(sql); return rs.next(); Now see how hacker will be going to get access your application  he will use common name in user name like 'admin' , 'super' etc.  and password anything with some code  User name = admin ' or 'a' =...

There are many type of security vulnerability may exist in your software application. You just need to start to know, how many type of security related risk may exist in your applications. Common practice is in development is that we try to find very simplest way to get our problem resolved. But we forget about security related aspects. So this is the time to learn how should we write our code and what we need to avoid to use in our code. We are going yo start with top 10 vulnerabilities which every programmer should know.  Top 10 Vulnerabilities by OWASP (Open Web Application Security Project) Let’s talk about these vulnerabilities one by one: What is SQL Injection and how it works SQL Injection means attacker sends simple text based attacks that exploit the syntax of the targeted interpreter. SQL injections are introduced when software developers write dynamic query that includes user supplied inputs. 1. Application presents a form to the...