
20 critical vulnerabilities in the program

I think the biggest mistake sits between the chair and the keyboard, but if you look beyond "did not notice" and assume that novices are not fully aware of the critical errors that can cause serious consequences such as data loss, execution of foreign code, unavailability of a service or data theft, the blacklist looks like this:
  1. Improper input validation
  2. Improper encoding or escaping of output data
  3. SQL injection
  4. Cross-site scripting
  5. Unrestricted shell access (OS command injection)
  6. Transmission of personal data over an insecure channel
  7. Cross-site request forgery (a forged request passed off as an internal one)
  8. Race conditions between threads sharing one resource, and improper release of that resource
  9. Error messages that reveal too much information
  10. Pointer access outside the program's allocated memory
  11. External control of internal variables and file paths
  12. Generated code and the injection it makes possible
  13. Auto-update that applies received code without verifying its source
  14. Dirty initialization: data from a previous initialization remains accessible
  15. Arithmetic on bounded numbers (integer overflow and wraparound)
  16. Unreliable authentication and hard-coded passwords
  17. Use of a compromised or broken cryptographic algorithm
  18. Running with elevated privileges
  19. Use of insufficiently random numbers
  20. Validation on the client side but not on the server side
Based on "Top 25 Most Dangerous Programming Errors" (original article).


Source: https://habr.com/ru/post/49163/
