The most dangerous programming errors



The "Common Weakness Enumeration", developed by MITRE, includes a list of the most dangerous programming errors.

The list is compiled by over 50 experts from renowned organizations such as the SANS Institute, RSA, Red Hat, Sun, Microsoft, etc.





All of the identified faults are dangerous because they often allow attackers to take complete control of the software, steal data, or prevent the software from working.

The main purpose of this list is to educate programmers so that they avoid these errors at the source and eliminate the most common problems before distributing the software.

Here is the list of the 23 most dangerous programming errors:


Failure to preserve the structure of Web pages

Improper sanitization of special elements used in an SQL command ("SQL Injection")

Buffer copy without checking the size of the input ("Classic Buffer Overflow")

Cross-site request forgery (CSRF)

Improper access control (authorization)

Reliance on untrusted input data in a security decision

Improper limitation of a pathname to a restricted directory ("Path Traversal")

Unrestricted upload of dangerous files

Improper sanitization of special elements used in an OS command ("OS Command Injection")

Missing encryption of sensitive data

Use of hard-coded authentication credentials

Buffer access with an incorrect length value

Improper control of the filename for an include/require statement in a PHP program ("PHP File Inclusion")

Incorrect validation of an array index

Improper check for unusual or exceptional conditions

Disclosure of information in an error message

Integer overflow or wraparound

Incorrect calculation of buffer size

Missing authentication for a critical function

Download of code without an integrity check

Allocation of resources without limits

URL redirection to an untrusted site ("Open Redirect")

Use of a broken or risky encryption algorithm


1 comments:

Anonymous
admin
June 5, 2015 at 7:22 PM

" Use of a decrypted encryption algorithm or dangerous"

or dangerous what?

Congrats bro Anonymous you got PERTAMAX...! hehehehe...