
25 most dangerous software coding errors that help cyber criminals revealed.


Byline: ANI

London, Jan 14 (ANI): The US National Security Agency, along with 30 organisations, has put together a list of the 25 most dangerous coding mistakes in the world.

The list contains errors, which may disclose a number of security holes or vulnerable areas that can be targeted by cyber criminals.

According to experts, many of these errors are not well understood by programmers.

The SANS Institute in Maryland said that in 2008, just two of the errors led to more than 1.5m web site security breaches.

This is believed to be the first time the industry has reached agreement on the worst things that can creep into software while it is being written.

The organisations that helped make the list, including the US National Security Agency, the Department of Homeland Security, Microsoft, and Symantec, published the document.

"The top 25 list gives developers a minimum set of coding errors that must be eradicated before software is used by customers," the BBC quoted Chris Wysopal, chief technology officer with Veracode, as saying.

SANS director Mason Brown said: "There appears to be broad agreement on the programming errors. Now it is time to fix them. We need to make sure every programmer knows how to write code that is free of the top 25 errors."

While most of the earlier advice focused on vulnerabilities that could have originated from programming errors, the top 25 list examines the actual programming errors themselves.

The 25 Most Dangerous Programming Errors are:

CWE-20:Improper Input Validation

CWE-116:Improper Encoding or Escaping of Output

CWE-89:Failure to Preserve SQL Query Structure

CWE-79:Failure to Preserve Web Page Structure

CWE-78:Failure to Preserve OS Command Structure

CWE-319:Cleartext Transmission of Sensitive Information

CWE-352:Cross-Site Request Forgery

CWE-362:Race Condition

CWE-209:Error Message Information Leak

CWE-119:Failure to Constrain Operations within the Bounds of a Memory Buffer

CWE-642:External Control of Critical State Data

CWE-73:External Control of File Name or Path

CWE-426:Untrusted Search Path

CWE-94:Failure to Control Generation of Code

CWE-494:Download of Code Without Integrity Check

CWE-404:Improper Resource Shutdown or Release

CWE-665:Improper Initialization

CWE-682:Incorrect Calculation

CWE-285:Improper Access Control

CWE-327:Use of a Broken or Risky Cryptographic Algorithm

CWE-259:Hard-Coded Password

CWE-732:Insecure Permission Assignment for Critical Resource

CWE-330:Use of Insufficiently Random Values

CWE-250:Execution with Unnecessary Privileges

CWE-602:Client-Side Enforcement of Server-Side Security (ANI)

Copyright 2008 Asian News International (ANI) - All Rights Reserved.

Article Details
Publication:Asian News International
Date:Jan 14, 2009