Kingdom *: Environment

Software usually relies on other software (e.g. compilers, operating systems, execution environments like the JVM or .NET). The environment includes everything that is outside your own code but still critical to the security of the software you create.

Examples

  • Insecure compiler optimizations
    • Compiler optimizations may introduce security vulnerabilities (e.g. buffer overflows or format string vulnerabilities).
    • Or: the developer overwrites sensitive data in memory, but the compiler optimizes the write away as a dead store, so the sensitive data remains in memory.
  • Issues with respect to web application frameworks
    • E.g. insufficient session ID length or randomness
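The "wipe that the compiler removes" case above, as an added example in C (not part of these notes): a plain memset() on a buffer that is never read again is a dead store the optimizer may delete, whereas a wipe through a volatile pointer must be emitted. The secret value is a constructed stand-in, and the function names are this example's own.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Naive wipe: on memory that is never read again this memset() is a dead
 * store, and an optimizing compiler (e.g. at -O2) may remove it entirely.
 * The key then stays in RAM, swap or a core dump. Compare the generated
 * code of both routines with objdump or Godbolt to see the difference. */
void naive_wipe(unsigned char *buf, size_t len) {
    memset(buf, 0, len);
}

/* Hardened wipe: stores through a volatile pointer are observable side
 * effects in the C abstract machine, so every write must be emitted even if
 * the buffer is dead afterwards. Platform-specific equivalents: memset_s
 * (C11 Annex K), explicit_bzero (glibc >= 2.25, BSDs), SecureZeroMemory
 * (Windows). */
void secure_wipe(unsigned char *buf, size_t len) {
    volatile unsigned char *p = buf;
    while (len--) {
        *p++ = 0;
    }
}

/* Returns how many bytes of buf are not zero (used to verify a wipe). */
size_t count_nonzero(const unsigned char *buf, size_t len) {
    size_t n = 0;
    for (size_t i = 0; i < len; i++) {
        n += (buf[i] != 0);
    }
    return n;
}

/* Fills a stack buffer with a constructed dummy key, wipes it with
 * secure_wipe and returns the number of bytes still holding data: always 0,
 * regardless of optimization level. */
size_t wipe_and_count(void) {
    unsigned char key[32];
    memset(key, 0xA5, sizeof key);     /* constructed stand-in for a key */
    secure_wipe(key, sizeof key);
    return count_nonzero(key, sizeof key);
}

int main(void) {
    printf("bytes left after secure_wipe: %zu\n", wipe_and_count());
    return 0;
}
```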