SPECIAL ISSUE REDSET 2016 OF CSIT

Protection of software against various attacks: issues and challenges

Anshika Sharma¹ · Palak Khurana¹ · Shailendra Narayan Singh¹

© CSI Publications 2016

Abstract

In the present scenario, the increase in malicious attacks leads to various software vulnerabilities, which need to be detected in the early stages of software development. A software vulnerability is a security flaw, glitch, or weakness found in software or in an operating system that can lead to security concerns. Predicting software vulnerabilities would help in increasing the security of the software application. We evaluate various attacks which could occur in the system; one should have prior knowledge of the various vulnerabilities which exist in the current era. The fundamental objective of this paper is to analyze the varied techniques by which we can detect software vulnerabilities and overcome the various issues and challenges. The importance of vulnerability management lies in detecting and protecting against application vulnerabilities in the code. We have set out certain pros and cons of existing techniques and the scope of future research in our findings.

Keywords: Fuzzing · Software vulnerability testing · Dynamic testing · Code security · Back door · Security invariants · Discovery model · Vulnerability prediction

1 Introduction

During the last decades, the use of web technologies has become a promising mechanism for everyone from a single person to a large organization. Millions and trillions of people are totally dependent on web technologies for their day-to-day functioning, which includes communication, gathering information, financial transactions, entertainment and connecting them socially to the world. Internet services are continuously being exploited by malicious attacks, which are launched remotely. For instance, attackers send a number of malicious messages causing a buffer overflow in order to generate malicious code.
Over the last few decades, web technologies have grown excessively in order to provide prosperity to people, with a few major challenges and issues associated with them. One of the essential challenges concerns the security of web applications. Security here means the threat which is caused by defects in the design, coding, testing and implementation of software. Since web services and technologies are accessed by both the public and private sectors, they are more prone to cyber attacks. Vulnerability can be expressed as the inability of a system or a unit to withstand the various effects of a hostile environment, as shown in Fig. 1. It is a weakness which allows attackers to reduce the information assurance of the system. Vulnerability is basically the composition of three major elements, namely: (a) the system's susceptibility, (b) the attacker's access to the flaws and (c) the attacker's capability to exploit the flaws. Several causes lead to software vulnerabilities: complexity in the design, the use of well-known code, the use of weak passwords, and the negligence of developers who leave software bugs in the code, which can easily be misused by hackers. Unknowingly,

✉ Anshika Sharma, anshikaintegral@gmail.com
Palak Khurana, pkhurana187@gmail.com
Shailendra Narayan Singh, snsingh36@amity.edu

¹ Department of Computer Science, Amity University, Noida, Uttar Pradesh, India

CSIT, DOI 10.1007/s40012-016-0097-9