ABSTRACT

Figure 19.2 shows the more common causes of vulnerability among middleware software elements as derived from Reference 96.

Identifying discovered and existing vulnerabilities as they relate to software allows software development practices and tools to look for software structures and processes that are exploitable. Many of these tools also check for susceptibility to specific exploits. Proper software development practices will eliminate many of these vulnerabilities. Formal design practices offer additional capabilities to avoid buffer overflows, improper data acceptance, and other software flaw-based vulnerabilities [97]. Nonetheless, tools must be used to verify that the formal methods have been properly used and correctly implemented, or remediation must be applied. These tools are not perfect, and the analysis may miss some vulnerabilities. Their use should be followed by penetration testing. These analyses will reduce the attack space and eliminate some common attack methodologies for the enterprise.