To alter the configuration settings of network elements such as switches, routers, firewalls, virtual switches and routers, etc., traditionally an administrator would log into the device, either through a web browser or directly. Software Defined Networking (SDN) provides an application programming interface (API) to internal functions of network elements, and allows both internal and external applications to dynamically change network element behavior and configuration “on-the-fly”.
The API exposes internal network element functionality that was never originally intended or designed to be exposed. A single API call may access several internal calls, which may themselves call others. As a result, malicious input may be received by potentially hundreds of internal device calls that were not designed to robustly handle malicious input.