Top 25 Security Programming Errors

[Kirby]

http://gcn.com/Articles/2010/02/16/top-25-programming-errors.aspx?s=gcndaily_170210&Page=1

Thought some of you would be interested. 🙂

I'm not sure how some of these could be security issues, such as race conditions and indexes though.

 

[Cogman]

interesting. Most of the security problems are generated by web developers 😀 when will they learn.

(Also, great to know the old fuse talk the number 1 problem, Cross-site Scripting)

 

[Ka0t1x]

A lot of these fall under common sense when doing web development.. kinda sad really.

 

[AyashiKaibutsu]

http://gcn.com/Articles/2010/02/16/top-25-programming-errors.aspx?s=gcndaily_170210&Page=1

Thought some of you would be interested. 🙂

I'm not sure how some of these could be security issues, such as race conditions and indexes though.

If someone can get a bad index they might beable to access a chunk of memory you'd rather they didn't?

 

[degibson]

Its easy to point this kind of stuff out after the fact.

 

[Gamingphreek]

I don't really understand how a race condition will do anything but eventually deadlock a program.

Granted, the one point that people often forget in IT Security is that the goal is a disruption of service. Whether that be the dangerous "I have control of your computer" or the "Your computer has crashed and your data is destroyed", they are still the point of malicious code.

-Kevin

 

[Cogman]

I don't really understand how a race condition will do anything but eventually deadlock a program.

Granted, the one point that people often forget in IT Security is that the goal is a disruption of service. Whether that be the dangerous "I have control of your computer" or the "Your computer has crashed and your data is destroyed", they are still the point of malicious code.

-Kevin

Though, race conditions are pretty hard to invoke from the client side. They are rather unpredictable.