CWE/SANS TOP 25 Most Dangerous...

Feb 19th, 2009 at 01:57 PM
User 597929 Photo

Spinny
Registered User
1,332 posts

Since this is a site about making/using software that in turn creates web software, I thought this discussion to be topical here.

http://www.sans.org/top25errors/?utm_so … f=37029#s3

(January 12, 2009) Today in Washington, DC, experts from more than 30 US and international cyber security organizations jointly released the consensus list of the 25 most dangerous programming errors that lead to security bugs and that enable cyber espionage and cyber crime. Shockingly, most of these errors are not well understood by programmers; their avoidance is not widely taught by computer science programs; and their presence is frequently not tested by organizations developing software for sale.

The impact of these errors is far reaching. Just two of them led to more than 1.5 million web site security breaches during 2008 - and those breaches cascaded onto the computers of people who visited those web sites, turning their computers into zombies.

...
"You can't be a real country unless you have a beer and an airline - it helps if you have some kind of a football team, or some nuclear weapons, but at the very least you need a beer." -- Frank Zappa

Visit Spinland Studios: http://www.spinland.biz
Mar 28th, 2009 at 10:31 PM
User 244141 Photo

Rod A.
Ambassador
1,209 posts

I just found one recently. Not to go into details, but the filter for a upload directory was not set up properly. This allowed hackers to unleash heck on one of my servers for a year or 2 and I took down around 10 sites trying to find the hole. Hopefully this took care of the problem.
Web Design: https://www.websnoogie.com
Member - BBB: Websnoogie, LLC

Have something to add? We’d love to hear it!
You must have an account to participate. Please Sign In Here, then join the conversation.