This is somewhat OT, but I just wanted to ask the list what they think about the 'THE TOP 25 MOST DANGEROUS PROGRAMMING ERRORS' accdg. to The US National Security Agency, article here: http://news.bbc.co.uk/2/hi/technology/7824939.stm
CWE-20:Improper Input Validation CWE-116:Improper Encoding or Escaping of Output CWE-89:Failure to Preserve SQL Query Structure CWE-79:Failure to Preserve Web Page Structure CWE-78:Failure to Preserve OS Command Structure CWE-319:Cleartext Transmission of Sensitive Information CWE-352:Cross-Site Request Forgery CWE-362:Race Condition CWE-209:Error Message Information Leak CWE-119:Failure to Constrain Operations within the Bounds of a Memory Buffer CWE-642:External Control of Critical State Data CWE-73:External Control of File Name or Path CWE-426:Untrusted Search Path CWE-94:Failure to Control Generation of Code CWE-494:Download of Code Without Integrity Check CWE-404:Improper Resource Shutdown or Release CWE-665:Improper Initialization CWE-682:Incorrect Calculation CWE-285:Improper Access Control CWE-327:Use of a Broken or Risky Cryptographic Algorithm CWE-259:Hard-Coded Password CWE-732:Insecure Permission Assignment for Critical Resource CWE-330:Use of Insufficiently Random Values CWE-250:Execution with Unnecessary Privileges CWE-602:Client-Side Enforcement of Server-Side Security *Source: SANS Institute *Gary* *
_________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
