Friday, 1 July 2011

The 25 most dangerous software errors

CWE (Common Weakness Enumeration) and the SANS Institute, two organizations dedicated to computer security, have published a list of the 25 most common and dangerous software errors. These flaws allow attackers to harm users, for example by stealing data or by making programs stop working.

These errors, as CWE explains, "are often easy to find and easy to exploit." They are dangerous "because they frequently allow attackers to take complete control of the software, steal data, or prevent the software from working at all." In some cases, however, employees are more dangerous than hackers.

The list, which is updated regularly, is a tool for warning programmers so that they can prevent the vulnerabilities "that plague the software industry."

The CWE list of the 25 most common mistakes was prepared by the SANS Institute, organizations such as MITRE, and security experts from Europe and the Americas.

First place goes to "improper neutralization of special elements used in an SQL command." This is the error that enables code injection attacks.
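
The following is an added illustration of that first entry (CWE-89, SQL injection); it is not code from the original post. It builds a constructed in-memory SQLite table and contrasts a query assembled by string concatenation, where a quote character in the input changes the statement's structure, with a parameterized query, where the driver keeps the value separate from the SQL text. The table, rows and the sample input are all constructed for the example.

```python
import sqlite3


def make_db():
    # Constructed sample database: two users in an in-memory SQLite table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "alice@example.com", "admin"),
         ("bob", "bob@example.com", "user")],
    )
    return conn


def lookup_vulnerable(conn, name):
    # Untrusted input is spliced into the SQL text. A single quote in the
    # input closes the string literal, so the rest of the input is parsed
    # as SQL rather than as part of the value: the "special element" (')
    # has not been neutralized.
    query = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, name):
    # Parameterized query: the statement is fixed and the value travels
    # separately, so no character in the input can alter the query's shape.
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


# Constructed input containing a quote character followed by a tautology.
INJECTED = "nobody' OR '1'='1"


if __name__ == "__main__":
    conn = make_db()
    print(lookup_vulnerable(conn, "alice"))    # the intended single row
    print(lookup_vulnerable(conn, INJECTED))   # every row: the WHERE clause was rewritten
    print(lookup_safe(conn, INJECTED))         # []: the input is treated as a literal name
```

The vulnerable function also breaks on legitimate names containing an apostrophe (a syntax error), which is a useful detection hint: database syntax errors in application logs are often the first visible sign of unneutralized input reaching SQL.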

Second place goes to "improper neutralization of special elements used in an OS command," while third place is taken by "buffer copy without checking the size of input."
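
As an added example for the second entry (OS command injection), not code from the original post: a program that hands a user-supplied hostname to an external tool. Here `echo` stands in for the real network utility so the example runs offline; the sample input is constructed. With `shell=True` the string is parsed by `/bin/sh`, so a `;` in the input terminates the intended command and starts another. Passing an argument list with no shell makes the whole input a single argument, and an allowlist check rejects it before anything runs at all.

```python
import re
import subprocess

# Strict allowlist for the one shape of input this program expects.
# Letters, digits, dots and hyphens only; anything else is rejected.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")


def echo_vulnerable(host):
    # The input is interpolated into a command line that a shell parses.
    # Shell metacharacters in it (; | & $ ` and so on) are interpreted,
    # so the input can add commands of its own.
    result = subprocess.run("echo " + host, shell=True,
                            capture_output=True, text=True)
    return result.stdout


def echo_without_shell(host):
    # No shell: the list is passed straight to execve(), so the entire
    # input is one argument and metacharacters have no special meaning.
    result = subprocess.run(["echo", host], capture_output=True, text=True)
    return result.stdout


def is_valid_hostname(host):
    # Defence in depth: even with no shell, refuse input that does not
    # look like a hostname, so the tool never sees unexpected arguments.
    return HOSTNAME_RE.match(host) is not None


def lookup(host):
    # The hardened path: validate first, then run without a shell.
    if not is_valid_hostname(host):
        raise ValueError(f"rejected hostname: {host!r}")
    return echo_without_shell(host)


# Constructed input: a hostname followed by a second, attacker-chosen command.
INJECTED = "example.com; echo INJECTED"


if __name__ == "__main__":
    print(echo_vulnerable(INJECTED))     # two lines: the second command ran
    print(echo_without_shell(INJECTED))  # one line: the input was a single argument
    print(is_valid_hostname(INJECTED))   # False
    print(lookup("example.com"))         # example.com
```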

"Improper neutralization of input during web page generation" is the fourth of these errors. The fifth, for its part, is "missing authentication for a critical function."
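
An added example covering the fourth and fifth entries together; it is not code from the original post, and the page fragments, session dictionary and account table are constructed for the illustration. The first pair of functions shows a greeting page built from an untrusted display name with and without HTML escaping (the fourth entry, cross-site scripting). The second pair shows an account-deletion routine that anyone can call beside one guarded by an authentication check (the fifth entry).

```python
import html
from functools import wraps

# --- Fourth entry: improper neutralization of input during web page generation


def render_greeting_vulnerable(display_name):
    # The untrusted name is pasted straight into the HTML, so any markup
    # or script in it becomes part of the page served to every visitor.
    return "<p>Welcome, " + display_name + "</p>"


def render_greeting_safe(display_name):
    # Escape the characters that carry meaning in HTML (< > & " ') before
    # inserting the value, so the browser renders them as text.
    return "<p>Welcome, " + html.escape(display_name, quote=True) + "</p>"


# Constructed input: markup that a visitor's browser would otherwise execute.
XSS_INPUT = "<script>alert(1)</script>"


# --- Fifth entry: missing authentication for a critical function


def delete_account_vulnerable(session, accounts, target):
    # Nothing checks who is calling: an anonymous request deletes the account.
    accounts.pop(target, None)
    return f"deleted {target}"


def require_login(func):
    # Decorator that refuses to run the wrapped function unless the
    # session carries an authenticated user.
    @wraps(func)
    def wrapper(session, *args, **kwargs):
        if not session.get("user"):
            raise PermissionError("authentication required")
        return func(session, *args, **kwargs)
    return wrapper


@require_login
def delete_account_safe(session, accounts, target):
    # The critical operation is only reachable through the check above.
    # (A real service would also verify that the caller is authorized to
    # delete this particular account, which is a separate weakness.)
    accounts.pop(target, None)
    return f"deleted {target}"


if __name__ == "__main__":
    print(render_greeting_vulnerable(XSS_INPUT))  # script tag reaches the page
    print(render_greeting_safe(XSS_INPUT))        # &lt;script&gt;... shown as text

    accounts = {"alice": "admin", "bob": "user"}  # constructed sample data
    anonymous = {}                                 # no logged-in user
    print(delete_account_vulnerable(anonymous, accounts, "bob"))  # deleted bob

    accounts = {"alice": "admin", "bob": "user"}
    try:
        delete_account_safe(anonymous, accounts, "bob")
    except PermissionError as exc:
        print("refused:", exc)                     # refused: authentication required
    print(delete_account_safe({"user": "alice"}, accounts, "bob"))  # deleted bob
```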

If you want to know which other errors are among the most common, the complete list is available in English at this link, together with more information about the data used for the ranking.
