ramesh was here

pallikara's programming + politics + philosophy potpourri

Wednesday, February 04, 2009


CWE/SANS TOP 25 Most Dangerous Programming Errors

CATEGORY: Insecure Interaction Between Components

CWE-20: Improper Input Validation
CWE-116: Improper Encoding or Escaping of Output
CWE-89: Failure to Preserve SQL Query Structure (aka 'SQL Injection')
CWE-79: Failure to Preserve Web Page Structure (aka 'Cross-site Scripting')
CWE-78: Failure to Preserve OS Command Structure (aka 'OS Command Injection')
CWE-319: Cleartext Transmission of Sensitive Information
CWE-352: Cross-Site Request Forgery (CSRF)
CWE-362: Race Condition
CWE-209: Error Message Information Leak
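Two of the entries above, CWE-89 (SQL injection) and CWE-79/CWE-116 (cross-site scripting via unescaped output), come from the same mistake: untrusted input is pasted into a structured string (a query, an HTML page) so that the input can change the structure instead of being treated as data. The block below is an added example written for this post, not code from the original entry or from MITRE/SANS; it uses an in-memory SQLite table with constructed sample rows and shows the vulnerable and the fixed form of each side by side.

```python
import html
import sqlite3

# Constructed sample data for the demonstration (not from the original post).
SAMPLE_USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
]


def make_db():
    """Build a throwaway in-memory database holding SAMPLE_USERS."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, name):
    # CWE-89: the user-controlled `name` is spliced into the query text, so a
    # quote character in it ends the string literal and the rest is parsed
    # as SQL. The query structure is no longer what the developer wrote.
    query = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, name):
    # Parameterized query: the statement text is fixed and `name` is bound
    # as a value by the driver, whatever characters it contains.
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def greeting_vulnerable(name):
    # CWE-79 / CWE-116: untrusted text inserted into HTML without escaping,
    # so a '<script>' in `name` becomes markup the browser executes.
    return "<p>Welcome, " + name + "</p>"


def greeting_safe(name):
    # html.escape encodes <, >, & and (with quote=True) both quote characters,
    # so the browser shows the text rather than parsing it as tags/attributes.
    return "<p>Welcome, " + html.escape(name, quote=True) + "</p>"


def demo():
    """Run both variants against classic injection payloads and return results."""
    conn = make_db()
    injected = "' OR '1'='1"          # turns the WHERE clause into a tautology
    script = "<script>alert(1)</script>"
    return {
        "vuln_rows": lookup_vulnerable(conn, injected),  # every row comes back
        "safe_rows": lookup_safe(conn, injected),        # no user has that name
        "vuln_html": greeting_vulnerable(script),        # raw <script> tag
        "safe_html": greeting_safe(script),              # &lt;script&gt;...
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The same rule covers CWE-78 (OS commands): pass arguments as a list to `subprocess.run` instead of building a shell string, so the command structure stays fixed and the argument stays data.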


CATEGORY: Risky Resource Management

CWE-119: Failure to Constrain Operations within the Bounds of a Memory Buffer
CWE-642: External Control of Critical State Data
CWE-73: External Control of File Name or Path
CWE-426: Untrusted Search Path
CWE-94: Failure to Control Generation of Code (aka 'Code Injection')
CWE-494: Download of Code Without Integrity Check
CWE-404: Improper Resource Shutdown or Release
CWE-665: Improper Initialization
CWE-682: Incorrect Calculation


CATEGORY: Porous Defenses

CWE-285: Improper Access Control (Authorization)
CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CWE-259: Hard-Coded Password
CWE-732: Insecure Permission Assignment for Critical Resource
CWE-330: Use of Insufficiently Random Values
CWE-250: Execution with Unnecessary Privileges
CWE-602: Client-Side Enforcement of Server-Side Security
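Two entries in the Porous Defenses group are small enough to show in a few functions: CWE-330 (session tokens or reset codes drawn from a predictable generator) and CWE-732 (a secret written to a file that the default umask leaves world-readable). The block below is an added example for this post, not code from the original entry; the seed value and the token-file layout are assumptions chosen for the demonstration.

```python
import hmac
import os
import random
import secrets
import stat
import tempfile


def weak_token(seed):
    # CWE-330: random.Random is a deterministic PRNG (Mersenne Twister).
    # Anyone who can guess the seed (a timestamp, a PID, a counter) can
    # regenerate every token it ever produced, so this must never be used
    # for session identifiers, password-reset codes or keys.
    rng = random.Random(seed)
    return "%032x" % rng.getrandbits(128)


def strong_token(nbytes=16):
    # The secrets module reads from the operating system's CSPRNG; the
    # output is not reproducible and 16 bytes gives 128 bits of entropy.
    return secrets.token_hex(nbytes)


def token_matches(expected, presented):
    # Compare in constant time so a remote caller cannot learn, byte by
    # byte, how much of the token was correct from the response latency.
    return hmac.compare_digest(expected, presented)


def store_secret(path, value):
    # CWE-732: set the permission bits at creation time (0600, owner only)
    # and use O_EXCL so an attacker-planted file or symlink at `path` is
    # not silently followed. Creating with open() and chmod'ing afterwards
    # leaves a window in which the file is readable by others.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(value)
    return stat.S_IMODE(os.stat(path).st_mode)


def demo():
    """Show the reproducible weak token, two distinct strong ones, and the file mode."""
    assumed_seed = 1_233_705_600  # assumption: an epoch timestamp an attacker can guess
    results = {
        "weak_first": weak_token(assumed_seed),
        "weak_again": weak_token(assumed_seed),   # identical: fully predictable
        "strong_a": strong_token(),
        "strong_b": strong_token(),               # different every call
    }
    with tempfile.TemporaryDirectory() as root:
        results["mode"] = store_secret(os.path.join(root, "token"), results["strong_a"])
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", oct(value) if key == "mode" else value)
```

The same `secrets` module also covers CWE-259 in the sense that a generated, per-installation secret stored with `store_secret` replaces a password compiled into the source; the code then reads it from that file or from the environment at start-up rather than carrying it as a literal.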
