Top 25 Most Dangerous Programming Errors

Page 1
posts 1–5 of 5
superstar - moderator
251 posts
From the BBC News; http://news.bbc.co.uk/1/hi/technology/7824939.stm

Dangerous coding errors revealed

The US National Security Agency has helped put together a list of the world's most dangerous coding mistakes.

The 25 entry list contains errors that can lead to security holes or vulnerable areas that can be targeted by cyber criminals.

Experts say many of these errors are not well understood by programmers.

According to the SANS Institute in Maryland, just two of the errors led to more than 1.5m web site security breaches during 2008.

Here are some examples; see the original articles for the full listing:

CWE-20: Improper Input Validation
CWE-116: Improper Encoding or Escaping of Output
CWE-89: Failure to Preserve SQL Query Structure
CWE-79: Failure to Preserve Web Page Structure
CWE-78: Failure to Preserve OS Command Structure
CWE-319: Cleartext Transmission of Sensitive Information

-----
Thought I would pass this along.
__________________
We are the Herne. You will be assimilated.
novice - member
24 posts

That's nice. My favorite is when the server is improperly configured and the .php files are sent back to me with all the source code instead of being parsed on the server. Publicly displaying errors in html with the password to the database is my second favorite.

__________________
Web design & web development. www.developersuperstar.com
regular - member
113 posts
Great find, herne.
rookie - member
2 posts

SQL injection ftl

regular - member
139 posts

The simplest example of a really dangerous programming error is a mistake using the humble "while" statement.

For chemistry I once had to program software to control an automatic titration machine, and it went something like this:

// Keep adding acid to the solution until the pH has gone from 3 to 7.
while (PH != 7) {
    addDropOfAcid();
}

It was unclear at the time why the teacher had brought a bucket and mop to the classroom, but the reason became apparent when on several desks the pH went from 7.1 to 6.9 in a single drop.

__________________
"Any sufficiently advanced technology is indistinguishable from magic." - Arthur C. Clarke
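The failure mode in the post above, as an added simulation (example code, not from the forum post or the original titration software): the loop terminates only if a floating-point reading lands exactly on 7.0, so whether it stops at all depends on the starting value. The pH values, the fixed step per drop and the `MAX_DROPS` guard are assumptions.

```c
#include <stdio.h>

/* Constructed simulation of the titration loop: each "drop" lowers the
 * pH by a fixed step. Values are assumed, not measured. */
#define DROP_STEP 0.2
#define TARGET_PH 7.0
#define MAX_DROPS 1000 /* hard stop so the buggy loop cannot run forever here */

/* The post's loop: exact inequality on a continuous, floating-point quantity.
 * Returns drops added, or -1 if MAX_DROPS was hit (the real machine would
 * have kept dripping). */
int titrate_exact(double start_ph) {
    double ph = start_ph;
    int drops = 0;
    while (ph != TARGET_PH) {
        ph -= DROP_STEP;                      /* addDropOfAcid() */
        drops++;
        if (drops >= MAX_DROPS) return -1;    /* overshot, never equal to 7.0 */
    }
    return drops;
}

/* Safer form: a range test on the reading plus an explicit iteration bound,
 * so termination does not depend on landing exactly on 7.0. */
int titrate_bounded(double start_ph) {
    double ph = start_ph;
    int drops = 0;
    while (ph > TARGET_PH && drops < MAX_DROPS) {
        ph -= DROP_STEP;
        drops++;
    }
    return drops;
}

int main(void) {
    /* 7.2 - 0.2 rounds to exactly 7.0 in IEEE double, so this stops by luck. */
    printf("exact,   start 7.2: %d drops\n", titrate_exact(7.2));    /* 1 */
    /* 7.3 -> 7.1 -> 6.8999... skips 7.0 and never stops on its own. */
    printf("exact,   start 7.3: %d drops\n", titrate_exact(7.3));    /* -1 */
    printf("bounded, start 7.3: %d drops\n", titrate_bounded(7.3));  /* 2 */
    return 0;
}
```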