Software Defined Networking (SDN) is a revolutionary paradigm that is maturing along with other network technologies in the next-gen trend. The separation of control and data planes in SDN enables the emergence of novel network features like centralized flow management and network programmability that encourage the introduction of new and enhanced network functions in order to improve prominent network deployment aspects such as flexibility, scalability, network-wide visibility and cost-effectiveness. Although SDN exhibits a rapid evolution that is shaping this technology as a key enabler for future implementations in heterogeneous network scenarios, namely, datacenters, ISPs, corporate, academic and home; the technology is far from being considered secure and dependable to this day which inhibits its agile adoption. In recent years, the scientific community has been attracted to explore the field of SDN security to close the gap to SDN adoption. A twofold research context has been identified: on the one hand, leveraging SDN features to enhance security; while on the other hand one can find the pursue of a secure SDN system architecture. This article includes a description of security threats that menace SDN and a list of attacks that take advantage of vulnerabilities and misconfigurations in SDN constitutive elements. Accordingly, a discussion emphasizing the duality SDN-for-security and SDN-security is also presented. A comprehensive review of state-of-the art is accompanied by a categorization of the current research literature in a taxonomy that highlights the main characteristics and contributions of each proposal. Finally, the identified urgent needs and less explored topics are used to outline the opportunities and future challenges in the field of SDN security.

软件定义网络（SDN）是一种革命性的范例，在下一代趋势中与其他网络技术一起日趋成熟。SDN中控制平面和数据平面的分离使得出现了诸如集中式流管理和网络可编程性之类的新颖网络功能，这些功能鼓励引入新的和增强的网络功能，以改善突出的网络部署方面，例如灵活性，可扩展性，全网范围可见度和成本效益。尽管SDN展现出快速发展的势头，但使该技术成为数据中心，ISP，公司，学术机构和家庭等异构网络场景中未来实现的关键推动力。到目前为止，该技术还远没有被认为是安全可靠的，这阻碍了其敏捷应用。最近几年，科学界已被吸引来探索SDN安全领域，以缩小与SDN应用之间的差距。已经确定了两个研究背景：一方面，利用SDN功能增强安全性；另一方面，利用SDN功能增强安全性。另一方面，可以找到对安全SDN系统架构的追求。本文介绍了威胁SDN的安全威胁以及利用SDN组成元素中的漏洞和配置错误的攻击列表。相应地，还讨论了针对安全性和SDN安全性的双重性。在对最新技术进行全面回顾的同时，还对分类学中的当前研究文献进行了分类，突出了每个提案的主要特征和贡献。最后，