Affiliation:
1. University of Ghana, Ghana
2. Ghana Institute of Management and Public Administration, Ghana
Abstract
Application security measures are the controls within software systems that protect information assets from security attacks. Cyber attacks are largely carried out through software systems running on computing systems in cyberspace. To mitigate the risks of cyber attacks on software systems, it is crucial to identify the entities operating within cyberspace, the threats to application security and vulnerabilities, and the defense mechanisms. This chapter offers a taxonomy that identifies assets in cyberspace, classifies cyber threats into eight categories (buffer overflow, malicious software, input attacks, object reuse, mobile code, social engineering, back door, and logic bomb), provides security defenses, and maps security measures to control types and functionalities. Understanding application security threats and defenses will help IT security professionals choose appropriate security countermeasures for setting up strong defense-in-depth mechanisms. Individuals can also apply these safeguards to protect themselves from cyber attacks.