Top 25 common programming bugs
February 17, 2009
Insecure Interaction between Components
- Improper Input Validation
- Improper Encoding or Escaping of Output
- Failure to Preserve SQL Query Structure (‘SQL Injection’)
- Failure to Preserve Web Page Structure (‘Cross-site Scripting’)
- Failure to Preserve OS Command Structure (‘OS Command Injection’)
- Cleartext Transmission of Sensitive Information
- Cross-Site Request Forgery (CSRF)
- Race Condition
- Error Message Information Leak
Risky Resource Management
- Failure to Constrain Operations within the Bounds of a Memory Buffer
- External Control of Critical State Data
- External Control of File Name or Path
- Untrusted Search Path
- Failure to Control Generation of Code (‘Code Injection’)
- Download of Code Without Integrity Check
- Improper Resource Shutdown or Release
- Improper Initialization
- Incorrect Calculation
Porous Defenses
- Improper Access Control (Authorization)
- Use of a Broken or Risky Cryptographic Algorithm
- Hard-Coded Password
- Insecure Permission Assignment for Critical Resource
- Use of Insufficiently Random Values
- Execution with Unnecessary Privileges
- Client-Side Enforcement of Server-Side Security