Provide a brief (1- to 3-paragraph) analysis of the Heartbleed vulnerability. In your response, be sure to address the following:
Heartbleed vulnerability: First, you need to understand the Heartbleed vulnerability. It is a serious vulnerability that allows sensitive information to be stolen. It came into the limelight in 2014. It allows anyone to read the memory and data of the system.
It attacks the SSL cryptographic software library. It is very harmful because secure data can be stolen by attackers. Heartbleed is a bug that can steal files and access data in a few minutes.
Our systems handle information, data, passwords, etc. Heartbleed may attack versions of the OpenSSL library quickly.
The main cause of the Heartbleed vulnerability:
OpenSSL library: This was the main cause. It provides good performance, but it failed to provide security. It was an open source library, and developers found it lacking in security.
Lack of knowledge: Software developers did not have enough knowledge to deal with it. In 2014, the Heartbleed vulnerability was new to the whole world. Very few people were aware of the bug.
Some codes were made at that time -
Note: CERT secure coding focuses on identifying insecure and unsafe coding, but it was not that effective at the time.
Advanced CERT C coding was introduced a few years ago. It finds coding errors that are the cause of bugs. It helps to manage bugs, but the results were not impressive.
SCALE (Source Code Analysis Laboratory) gives protection against various attackers, but SCALE would have to upgrade its methods.
Best practices to identify or prevent similar attacks:
Focus on goal: We need to focus on applications that can be useful to protect our data. We need to create a core that will work to control access to data.
Security: Receiving data from an external system should be made more secure.
Create platforms: We should create more platforms for solving problems related to attacks.