Top 25 Most Dangerous Software Errors 2011
Page history: last edited by Paul Pajo 13 years, 7 months ago
from here and here:
- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
- Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
- Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- Missing Authentication for Critical Function
- Missing Authorization
- Use of Hard-coded Credentials
- Missing Encryption of Sensitive Data
- Unrestricted Upload of File with Dangerous Type
- Reliance on Untrusted Inputs in a Security Decision
- Execution with Unnecessary Privileges
- Cross-Site Request Forgery (CSRF)
- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- Download of Code Without Integrity Check
- Incorrect Authorization
- Inclusion of Functionality from Untrusted Control Sphere
- Incorrect Permission Assignment for Critical Resource
- Use of Potentially Dangerous Function
- Use of a Broken or Risky Cryptographic Algorithm
- Incorrect Calculation of Buffer Size
- Improper Restriction of Excessive Authentication Attempts
- URL Redirection to Untrusted Site ('Open Redirect')
- Uncontrolled Format String
- Integer Overflow or Wraparound
- Use of a One-Way Hash without a Salt