The first picture shows the typical scenario we are dealing with. We have some kind of client system (e.g. Web Browser, Database GUI) which connects over an network to an server system (e.g. Web Server, RDBMS). Both systems have more or less bugs.

There are a lot of different kinds of software bugs, this document will focus on bugs related to security issues like Buffer Overflows, SQL-Injection or Cross-Site-Scripting attacks. The examples given in this document are dealing with server side bugs. Nevertheless the methods shown also apply to the search for bugs on the client side.

Before we go on with bug hunting, let us first have an look on the question - What is IT-Security? Well, I think there are a lot of definitions out there, so I will just name the main properties that make up IT-Security.

In my opinion we have three in important pillars of IT-Security.

The funny question right now, are this really all important properties? No - authenticity is missing! I left it out because I think that authenticity is more related to protocols itself and not only the client system or the server system, it is related to all three major parts client, network and server.