Abstract Confusions

Complexity is not a cause of confusion. It is a result of it.

Category Archives: Security

Application Security: Most Dangerous Programming Errors

Over the past year we have seen serious security lapses being exploited: attackers were able to break into Twitter and TechCrunch. Over the years applications are built, rebuilt and retired, and they are increasingly the means by which data is collected and stored in a database. That data will only become more valuable, so any security error means a loss of credibility with your customers.

2010 CWE/SANS Top 25 Most Dangerous Programming Errors

A recent study published by the Common Weakness Enumeration (CWE) project and the SANS (SysAdmin, Audit, Network, Security) Institute lists the 25 most dangerous programming errors. The highest-scored error was Cross-Site Scripting (XSS, score 346), followed by the well-known SQL injection (330) and the classic buffer overflow (273). It is evident that application developers are still making the same errors over and over again.

Below is my selection of the five most dangerous errors from that list.

  1. Use of hard-coded credentials.
  2. Incorrect permission assignment / authentication for critical resources.
  3. Missing encryption of sensitive data / broken or risky cryptographic algorithm.
  4. Unrestricted upload of a file with a dangerous type.
  5. Use of insufficiently random values.

I have seen these errors.
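As an added illustration (not code from the original post or from the CWE/SANS report), the following shows four of the five errors above, each as the vulnerable form beside a hardened form: hard-coded credentials (1), a risky password-hashing algorithm (3), an unrestricted upload check (4) and a predictable token generator (5). Every name, value and the `APP_API_KEY` environment variable are assumptions made for the example.

```python
"""Four of the listed errors, vulnerable form beside hardened form.
Added example; all names, values and APP_API_KEY are assumptions."""
import hashlib
import hmac
import os
import random
import re
import secrets

# 1. Hard-coded credentials: the key lives in source control, is shared by
#    every deployment, and rotating it means a redeploy.
HARDCODED_API_KEY = "s3cr3t-api-key"          # constructed value


def check_api_key_vulnerable(presented: str) -> bool:
    return presented == HARDCODED_API_KEY      # also a timing-leaky comparison


def check_api_key(presented: str, env=os.environ) -> bool:
    """Read the secret from the environment and compare in constant time."""
    expected = env.get("APP_API_KEY")          # hypothetical variable name
    if not expected:
        raise RuntimeError("APP_API_KEY is not configured")  # fail closed
    return hmac.compare_digest(presented.encode(), expected.encode())


# 3. Risky cryptographic algorithm: unsalted MD5 is defeated by precomputed
#    tables, and equal passwords produce equal digests.
def hash_password_vulnerable(password: str) -> str:
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str, salt: bytes = b"", rounds: int = 600_000) -> str:
    """Salted PBKDF2-HMAC-SHA256; salt and round count travel with the digest."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return f"pbkdf2_sha256${rounds}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    _, rounds, salt_hex, _digest_hex = stored.split("$")
    recomputed = hash_password(password, bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(recomputed, stored)


# 4. Unrestricted file upload: trusting the client's filename lets an attacker
#    drop "shell.php" or "../../etc/cron.d/job" into the web root.
UPLOAD_NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}\.(png|jpe?g|gif|pdf)", re.IGNORECASE)


def is_upload_allowed_vulnerable(filename: str) -> bool:
    return not filename.endswith((".exe", ".bat"))   # denylist, trivially bypassed


def is_upload_allowed(filename: str) -> bool:
    """Allowlist the whole name: no path separators, one extension, no NUL bytes."""
    return UPLOAD_NAME_RE.fullmatch(filename) is not None


def stored_upload_name(filename: str) -> str:
    """Never store under the client's name; keep only the vetted extension."""
    if not is_upload_allowed(filename):
        raise ValueError("rejected upload name")
    ext = filename.rsplit(".", 1)[1].lower()
    return f"{secrets.token_hex(16)}.{ext}"


# 5. Insufficiently random values: random.Random is a Mersenne Twister; if the
#    seed is guessable (a timestamp, a PID) every "secret" token is reproducible.
ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"


def reset_token_vulnerable(seed: int) -> str:
    rng = random.Random(seed)                  # e.g. seeded from int(time.time())
    return "".join(rng.choice(ALPHABET) for _ in range(32))


def reset_token() -> str:
    return secrets.token_urlsafe(32)           # OS CSPRNG, 256 bits of entropy
```

The hardened variants share one principle: the program never relies on a value the attacker can know in advance (a secret in source, a client-chosen filename, a guessable seed) and never relies on a denylist where an allowlist is possible.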