Main » 2011 » March » 16 » The 25 most dangerous bugs
11:58
The 25 most dangerous bugs
A few days ago a group of security experts, among them the nonprofit MITRE, the SANS Institute, the National Security Agency and the national cyber-security unit of the Department of Homeland Security, published an updated list of the 25 most dangerous software errors. As last year, the list is topped by cross-site scripting, SQL injection and buffer overflow problems. These and the other weaknesses below have caused breaches of millions of systems, including the recent attack on Google, so the checklist is worth keeping at hand, and not only for beginners.

Each entry gives the rank, the list's score, the CWE identifier and the weakness name:

[1] 346 CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
[2] 330 CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')
[3] 273 CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
[4] 261 CWE-352 Cross-Site Request Forgery (CSRF)
[5] 219 CWE-285 Improper Access Control (Authorization)
[6] 202 CWE-807 Reliance on Untrusted Inputs in a Security Decision
[7] 197 CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
[8] 194 CWE-434 Unrestricted Upload of File with Dangerous Type
[9] 188 CWE-78 Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection')
[10] 188 CWE-311 Missing Encryption of Sensitive Data
[11] 176 CWE-798 Use of Hard-coded Credentials
[12] 158 CWE-805 Buffer Access with Incorrect Length Value
[13] 157 CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')
[14] 156 CWE-129 Improper Validation of Array Index
[15] 155 CWE-754 Improper Check for Unusual or Exceptional Conditions
[16] 154 CWE-209 Information Exposure Through an Error Message
[17] 154 CWE-190 Integer Overflow or Wraparound
[18] 153 CWE-131 Incorrect Calculation of Buffer Size
[19] 147 CWE-306 Missing Authentication for Critical Function
[20] 146 CWE-494 Download of Code Without Integrity Check
[21] 145 CWE-732 Incorrect Permission Assignment for Critical Resource
[22] 145 CWE-770 Allocation of Resources Without Limits or Throttling
[23] 142 CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
[24] 141 CWE-327 Use of a Broken or Risky Cryptographic Algorithm
[25] 138 CWE-362 Race Condition

I advise you to read the original article, which, besides a detailed description of every weakness, gives advice on how to eliminate it, along with examples.
Last year's discussion: mamba.habrahabr.ru/blog/50046 /

UPD: those of you voting down my karma, leave at least a brief comment, otherwise nothing will be corrected and such nonsense will keep being written ;).
Views: 421 | Added by: w1zard | Rating: 0.0/0