Moderators: phranque & physics

Webmaster General Forum

    
Top 25 Dangerous Coding Errors
engine




msg:3825338
 3:07 pm on Jan 13, 2009 (gmt 0)

Top 25 Dangerous Coding Errors [news.bbc.co.uk]
The US National Security Agency has helped put together a list of the world's most dangerous coding mistakes.

The 25 entry list contains errors that can lead to security holes or vulnerable areas that can be targeted by cyber criminals.

Experts say many of these errors are not well understood by programmers.

Top 25 Coding Errors [sans.org]

 

nealrodriguez




msg:3825401
 4:13 pm on Jan 13, 2009 (gmt 0)

26. failing to hire somebody when your training comprises a few modules of webmonkey.

rocknbil




msg:3825425
 4:44 pm on Jan 13, 2009 (gmt 0)

The original SANS source with more details [sans.org] (bottom of page)

Bookmark that one! :-)

EDIT: Argh . . it's timing out now, maybe it's getting slashdotted . . . . or . . . their report has drawn too much attention from the "ankle biters" mentioned in the first article . . . .

Webwork




msg:3825431
 4:52 pm on Jan 13, 2009 (gmt 0)

Stop the bots / botnets, save the world?

Likely more true than we accept.

We love to hate agencies, such as the NSA, but what other agency or enterprise is taking the lead in challenging or taking down botnets?

Microsoft? The likely "botnet mother"? ICANN? Ya, sure, the mother of unlimited gTLDs, etc.

Really, when it comes to protecting the Web that we love from serious harm via attackers or botnets, who is in charge here?

Probably the answer is "us" - every one of us - who has ever failed to secure a server or website, probably due to others handing us the keys to the car without confirming whether we have taken driving (security) lessons. And who's in charge of hosting firms, to be certain their servers are hardened against exploitation? And who is in charge of the server software and PC software providers to be certain their software is hardened? Can't wait to see what happens when everyone's cellphone->all-in-1-device starts to automatically dial up the White House or NSA . .

So, now the great mystery agency - the NSA - the agency with all the bad publicity or bad "we're spying on you" image, is going to take the lead in guiding the world in how to make the world more safe?

Well . . Geesh! It's the National Security Agency to the rescue?

It's about time some agency or enterprise took the lead. Shame it has to be one with image and other historical problems that may undermine any "trust us" campaign.

Jon_King




msg:3825451
 5:16 pm on Jan 13, 2009 (gmt 0)

>>but what other agency or enterprise is taking the lead in challenging or taking down botnets

Agree... if we can get the implicit synergy of gov to act as you suggest. Too often concise direction and execution is over-burdened by pork (political motives).

httpwebwitch




msg:3825535
 7:01 pm on Jan 13, 2009 (gmt 0)

a fantastic list! definitely bookmarkable.

I just found + fixed a "race condition" (CWE-362) yesterday, and it was an obscure oversight in code I wrote only 6 months ago. For any programmer who does their own QA and penetration testing, this is a pretty good checklist to look at before deploying to production.

g1smd




msg:3825653
 9:10 pm on Jan 13, 2009 (gmt 0)

Excellent list. Going to take some time to go through it all.

First saw it touted on Twitter by Matt Cutts, a couple of days ago.

dauction




msg:3825780
 12:56 am on Jan 14, 2009 (gmt 0)

Well I'm living dangerously as I haven't a clue what half of those 25 even mean ;)

I suppose I'll eventually have a clue the hard way

pherzt




msg:3826719
 3:55 am on Jan 15, 2009 (gmt 0)

well dauction it could be because some may use languages you don't know

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved