A Case Study on Data Vulnerabilities in Software Development Lifecycle Model

Abstract

Software security has become a very critical part of our lives. A software developer who has a fundamental understanding of software security can have an advantage in the workplace. In the massive Equifax breach that occurred in 2017 that exposed data of roughly 140 million people, attackers exploited a vulnerability in Apache Struts, CVE-2017-5638, which allows remote attackers to execute arbitrary commands when specially crafting user-controlled data in HTTP headers. Sensitive data exposure issues are essential to know to protect customer data. It is fascinating to understand how attackers can exploit application vulnerabilities to perform malicious activities. The authors also want the reader to be aware of the fact that we should always be thinking about how our applications handle user-controlled data so that we can put guards in place to minimize security issues in the development of new applications.