FINAL PROJECT: Abstract and Reader's Response > An overview of key security vulnerabilities and how to prevent them

Abstract: Every year our lives become more dependent on online technology, which facilitates the exchange of goods and services between people. With a wide array of social media and crowd-sourced applications such as Lyft and Airbnb, people are much more likely to have private information stored online, which can be abused if it falls into the wrong hands. One recent example is the Cloudbleed vulnerability discovered in February 2017, which caused websites protected by Cloudflare to leak private information such as HTTP cookies and authentication tokens. If a hacker had discovered this vulnerability first, they would have been able to access a wide variety of customer information on these sites, allowing them to log in without knowing their passwords. The Cloudbleed vulnerability was caused by a low-level vulnerability called buffer overflow, commonly found in C and C++ programs, which are often used for their fast running times. Such a small error in a seemingly random piece of code can be the source of a catastrophe for a company should their program get hacked and their database leaked. When writing code, developers sometimes neglect the security aspect of what they are currently writing, leaving it for the end in an attempt to get a working product quickly. The following document attempts to introduce some of the most common security vulnerabilities through a series of code examples demonstrating how each vulnerability works. By educating oneself on the methodology, one becomes more equipped to prevent a breach.
WC = 242
READER'S PROFILE: The target audience is someone with little to no security experience, as the guide does not aim to cover more advanced attack vectors.

READER'S RESPONSE: A likely criticism from a reader is that the guide is not good enough at teaching preventative measures, as it focuses more on raising awareness of vulnerabilities so that programmers know what not to do, instead of using third-party tools to patch holes that may or may not be in the code. This would certainly be a valid criticism; however, I do not think the scope of this guide is large enough to cover all these topics.
May 5, 2017 | Unregistered Commenter Tal D.
T, you wisely note this reasonable criticism, yet a guide that you propose is a good way to first examine and approach these problems. You are also covered, though, that the technical details of some of these problems would be both proprietary and security-hidden.

As scoped, your guide is fine, and it can help readers approach more detailed, targeted guidance on addressing these problems.
May 7, 2017 | Registered Commenter Marybeth Shea