Exploitation vs. Prevention: The ongoing saga of software vulnerabilities

Abstract

Online IT systems are frequently exposed to cyber-attacks. An Exploit is an advanced attack tool that takes advantage of some software vulnerability to attack and cause harm to IT infrastructures. Developers and manufacturers of operating systems and hardware put huge effort into the prevention of vulnerability exploitation (e.g. Data Execution Prevention, Control Flow Integrity, etc.). However, the number and severity of attacks show that new exploit methods are continuously being invented despite the increasingly sophisticated protection methods. The present article summarizes the current, known and most relevant software vulnerability exploitation methods, as well as, the possible methods used to protect against these exploits. Moreover, the effectiveness of both the exploitation and prevention methods (as seen from both the attacker’s and the defender’s sides) is analyzed to find a possible future direction, to eliminate exploit attacks against an IT infrastructure.