Thursday, August 27, 2009

Coding errors that helped Hackers and Intruders

Some 25 software coding errors have helped cyber criminals gain access to sites and accounts, contributing to nearly 1.5 million security breaches.
The SANS Institute in Maryland said that in 2008, just two of the errors led to more than 1.5 m web site security breaches. The organisations that helped make the list, including the US National Security Agency, the Department of Homeland Security, Microsoft, and Symantec, published the document.
"The top 25 list gives developers a minimum set of coding errors that must be eradicated before software is used by customers," the BBC quoted Chris Wysopal, chief technology officer with Veracode, as saying.
SANS director Mason Brown said: "There appears to be broad agreement on the programming errors. Now it is time to fix them. We need to make sure every programmer knows how to write code that is free of the top 25 errors."
While most of the earlier advice focused on vulnerabilities that could have originated from programming errors, the top 25 list examines the actual programming errors themselves.
The 25 Most Dangerous Programming Errors are:
CWE-116: Improper Encoding or Escaping of Output
CWE-89: Failure to Preserve SQL Query Structure
CWE-20: Improper Input Validation
CWE-79: Failure to Preserve Web Page Structure
CWE-78: Failure to Preserve OS Command Structure
CWE-319: Cleartext Transmission of Sensitive Information
CWE-352: Cross-Site Request Forgery
CWE-362: Race Condition
CWE-209: Error Message Information Leak
CWE-119: Failure to Constrain Operations within the Bounds of a Memory Buffer
CWE-642: External Control of Critical State Data
CWE-73: External Control of File Name or Path
CWE-665: Improper Initialization
CWE-426: Untrusted Search Path
CWE-94: Failure to Control Generation of Code
CWE-494: Download of Code Without Integrity Check
CWE-404: Improper Resource Shutdown or Release
CWE-682: Incorrect Calculation
CWE-285: Improper Access Control
CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CWE-259: Hard-Coded Password
CWE-732: Insecure Permission Assignment for Critical Resource
CWE-330: Use of Insufficiently Random Values
CWE-250: Execution with Unnecessary Privileges
CWE-602: Client-Side Enforcement of Server-Side Security
(ANI)
This list is produced by the National Security Agency (NSA) and 30 other organisations to put forward the flaws.
