ITICT302A: Shellshock Vulnerability in Open Source Software

This report provides a detailed analysis of the Shellshock vulnerability, a significant security flaw in open-source software. It begins by outlining the nature of the vulnerability, which allows attackers to execute arbitrary commands on affected systems. The report then delves into the programming flaws that led to the vulnerability, specifically focusing on the bash command-line interpreter's handling of environment variables. It explores the changes required to make the code safe, including proper input validation, sanitization, and the use of secure coding practices. The report also examines the reasons why the bug may have existed for an extended period, such as unclear requirements, poor communication, and errors in programming, and the complexity of software. Finally, the report proposes methods to prevent future instances of similar bugs, including the use of latest patches, system logs monitoring, measuring of vulnerabilities identified, introduce the governance process to open source contributions, framework for reporting Issues, timely planning and using automated tools. The report is based on the assignment brief's requirements, which focus on programming fundamentals, software development lifecycle, and security threat modeling. The report also explores the Unicode Security Considerations, ASCII Spoofing Concerns, Correct Use of Cryptography, Error Handling and Logging, Cross Site Scripting (XSS), SQL Injection, Cross Site Request Forgery (CSRF), Memory Attacks, and Stack Overflow as requested in the assignment brief.