Logic Errors and Best Practices for Preventing Them

October 11, 2018 Jerry Gamblin

By now you’ve undoubtedly heard about the Facebook breach. I’ve published an article in Dark Reading that goes into detail on what happened at Facebook and my views on the important lessons we can learn in our efforts to catch and fix these vulnerabilities before hackers do. Here’s a quick synopsis. I hope you will read the full article.

Facebook had a logic error: the result of human error, where code allowed a user to take an action that gave them access far beyond what the developer who wrote the code originally intended. This error was then identified and exploited. Unfortunately, these types of errors are extremely difficult to find, because it takes human ingenuity to identify the error another human made, and they can be extremely damaging. In combating these types of errors, I recommend three stages of review, beginning with a development team that starts the process thinking about security. Then, build quality assurance teams that know how the app should function and include a few people who think like hackers. Finally, establish meaningful bug bounty programs that offer compensation in line with the internal importance of the app as well as external markets. Read the full article for more detail.
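To make the class of bug concrete, here is an added example (written for this page, not code from the original post, from Kenna Security, or from Facebook): an authorization check in which a code path meant for a lesser privilege is reused in a more privileged path, so a caller gets access the developer never intended. It sits beside a corrected version, and beside the kind of abuse-case check a QA team that "thinks like a hacker" can automate. The users, documents and share tokens are all constructed for the example.

```python
"""Added example, not code from the original post or from Kenna Security:
an authorization logic error beside its corrected form, plus an abuse-case
check that enumerates who can edit what. All data here is constructed."""

from dataclasses import dataclass
from itertools import product
from typing import Callable, Optional

@dataclass(frozen=True)
class User:
    user_id: int
    is_admin: bool = False

@dataclass(frozen=True)
class Document:
    doc_id: int
    owner_id: int

# Constructed sample data: two documents, one read-only share token, four users.
DOCUMENTS = {1: Document(1, owner_id=100), 2: Document(2, owner_id=200)}
SHARE_TOKENS = {1: "tok-doc1-readonly"}   # hypothetical token granting *view* only
USERS = [User(100), User(200), User(300), User(1, is_admin=True)]


def can_edit_vulnerable(user: User, doc_id: int, share_token: Optional[str] = None) -> bool:
    """Developer intent: owners and admins may edit; a share token only lets its
    holder view. Logic error: the view-sharing branch was copied into the edit
    path, so any holder of a read-only token can also edit the document."""
    doc = DOCUMENTS.get(doc_id)
    if doc is None:
        return False
    if user.is_admin:
        return True
    if share_token is not None and share_token == SHARE_TOKENS.get(doc_id):
        return True  # BUG: a read-only token grants write access here
    return user.user_id == doc.owner_id


def can_view(user: User, doc_id: int, share_token: Optional[str] = None) -> bool:
    """Corrected: viewing is granted to owners, admins and valid token holders."""
    doc = DOCUMENTS.get(doc_id)
    if doc is None:
        return False
    if user.is_admin or user.user_id == doc.owner_id:
        return True
    return share_token is not None and share_token == SHARE_TOKENS.get(doc_id)


def can_edit_fixed(user: User, doc_id: int, share_token: Optional[str] = None) -> bool:
    """Corrected: editing never consults share tokens. The parameter is kept so
    call sites need not change, but it has no effect on the decision."""
    doc = DOCUMENTS.get(doc_id)
    if doc is None:
        return False
    return user.is_admin or user.user_id == doc.owner_id


def find_privilege_escalations(check: Callable[[User, int, Optional[str]], bool]) -> list:
    """Abuse-case test: try every (user, document, token) combination and report
    each edit grant to a caller who is neither the owner nor an admin. A correct
    check returns an empty list; the vulnerable one exposes the token holders."""
    findings = []
    tokens = [None] + list(SHARE_TOKENS.values())
    for user, doc, token in product(USERS, DOCUMENTS.values(), tokens):
        allowed_by_intent = user.is_admin or user.user_id == doc.owner_id
        if check(user, doc.doc_id, token) and not allowed_by_intent:
            findings.append((user.user_id, doc.doc_id, token))
    return findings


if __name__ == "__main__":
    print("vulnerable:", find_privilege_escalations(can_edit_vulnerable))
    print("fixed:     ", find_privilege_escalations(can_edit_fixed))
```

The point of `find_privilege_escalations` is that it encodes the developer's stated intent ("owner or admin") separately from the code under test, then searches for any disagreement. A unit test that only checks the happy paths (owner can edit, stranger cannot) passes against the vulnerable function; it is the enumeration of the sharing edge case, the kind of thing a reviewer who thinks like an attacker asks about, that surfaces the flaw before a bounty hunter does.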

The post Logic Errors and Best Practices for Preventing Them appeared first on Kenna Security.
