Tuesday, January 13, 2009

25 MOST DANGEROUS PROGRAMMING ERRORS



THE TOP 25 MOST DANGEROUS PROGRAMMING ERRORS
  • Improper Input Validation
  • Improper Encoding or Escaping of Output
  • Failure to Preserve SQL Query Structure
  • Failure to Preserve Web Page Structure
  • Failure to Preserve OS Command Structure
  • Cleartext Transmission of Sensitive Information
  • Cross-Site Request Forgery
  • Race Condition
  • Error Message Information Leak
  • Failure to Constrain Operations within the Bounds of a Memory Buffer
  • External Control of Critical State Data
  • External Control of File Name or Path
  • Untrusted Search Path
  • Failure to Control Generation of Code
  • Download of Code Without Integrity Check
  • Improper Resource Shutdown or Release
  • Improper Initialization
  • Incorrect Calculation
  • Improper Access Control
  • Use of a Broken or Risky Cryptographic Algorithm
  • Hard-Coded Password
  • Insecure Permission Assignment for Critical Resource
  • Use of Insufficiently Random Values
  • Execution with Unnecessary Privileges
  • Client-Side Enforcement of Server-Side Security
Source: SANS Institute
