The 25 most dangerous programming errors

1. Cross-site scripting attacks (4)

2. SQL Injection (3)

3. Classic buffer overflow (1)

4. Cross-site request forgery (7)

5. Is not the correct access control (authorization)

6. In security decision-making rely on untrusted input

7. Is not properly limited to the path name of the path-constrained

8. Upload dangerous types of files are not restricted

9. Operating system commands in the handling of special factors, is not correct (the operating system command injection) (5)

10. Unencrypted sensitive information (6)

11. The use of hard-coded credentials (21)

12. In the length of the value of an incorrect access to the buffer

13. PHP program, Include / Require file name control statement is incorrect (PHP file intrusion)

14. Array subscript is not properly verified

15. Abnormal condition check is incorrect

16. Error Message disclosure of information (9)

17. Integer Overflow

18. Buffer size calculation error

19. The key function of the lack of authentication

20. Download without the integrity check code (15)

21. For the error distribution of competencies critical resources (22)

22. There is no limit resource allocation

23. URL re-directed to the letter from the resources of

24. Use the risk of being cracked or encryption algorithm (20)

25. There is competition (Race condition) (8)

Which added a number in parentheses is last year's ranking of the wrong. Clearly, the error for two consecutive years are selected, do not make again.

In addition, we compared last year's top 25 list of this year's exam and the error is as follows, I believe that these errors are still considerable risks.

2. Is not the correct code or escape output

10. Limited buffer operation failed

11. External control of important state data

12. External control file name or path

13. Untrusted search path

14. Control the code generation error (code injection)

15. Wrong to close or release resources

17. Is not initialized correctly

18. Error Calculation

19. Permeable protective

23. Random errors in the value of the use of

24. Abuse of privileged operating

25. Client-side implementation of the server-side security

分类:Java 时间:2010-03-29 人气:211
blog comments powered by Disqus


  • Hibernate code generation tools for the design of the entire Raiders -- Garden blog 2009-05-26

    Points Writing essay and the latest rankings here for easy access the main Ha ha - Big mouth Tsai - Big mouth Tsai - qianq put my keyboard with a small knife out of Alice, wiping a bit sensitive keyboard you reply! - steward good - students read the

  • MyEclipse7.5 registration code generation and plug-ins installed 2010-03-17

    1, MyEclipse 7.5 registration code generator import; import; import; public class MyEclipseGen { private static final String LL = "Decompiling this copyrighted software is a violati

  • Code generation tool lombok 2010-03-29

    Accidentally discovered a code generation tool to lombok, try a small feeling pretty good! lombok The main features are: automatic generation of default getter / setter methods, automated resource management (through @ Cleanup annotation), and annota

  • linux cpu resource allocation process in order nice, renice, taskset 2010-04-05

    Process cpu resource allocation refers to the process priority (priority). Priority high priority to the implementation of the process right. Configuration process, the priority of the multi-tasking environment linux useful to improve system performa

  • iBATIS code generation tool-iBATOR trial 2010-05-08

    Javaeye on the former two days wandering iBATIS has no intention to read the code generation tool, which has not smoked a couple of days time to try, today, trial use of the next 15 minutes, still feeling good, very simple and practical. iBATOR Downl

  • How to use ibatis in Eclipse automatic code generation tools Abator Collection 2010-07-13

    How to use ibatis in Eclipse automatic code generation tools Abator collection of the first contacts for in the end how to start using abator, relatively few resources, this paper documents the process of my initial use today, hope to have for beginn

  • kaptcha simple validation code generation tool 2010-09-11

    kaptcha is a very practical verification code generation tool, with it, you can generate a variety of styles verification code as it is configurable. kaptcha work principle is called, generate an image.

  • Rational Rose class diagram from the code generation 2010-10-18

    First, the forward engineering 1, set the default language is Java, Tools-> Options-> Notation-> default: select Java. 2, set the environment variable ClassPath, Tools-> Java/j2ee-> Project Specification-> ClassPath: the specific path is

  • Share down my code generation tool (uploaded document) 2010-03-29

    Begun to taste the ROR, impressive is that he who created automatically control and the CRUD files, you can think of so doing JAVA With this in mind on the practice, and an interface with the swing, combined with the effect of eclipse, based on sprin

  • Automatic code generation tool that steps 2010-03-02

    E-mail to colleagues back, note it here as a data. We have done before a code generation, then the absence of such use hibernate Mapping tool is their own writing, and thinking is this: 1, with powerdesigner generate construction schedules, and so th

iOS 开发

Android 开发

Python 开发



PHP 开发

Ruby 开发






Javascript 开发

.NET 开发



Copyright (C), All Rights Reserved. 版权所有 黔ICP备15002463号-1

processed in 0.595 (s). 12 q(s)