
Forum Moderators: phranque


Top 25 Dangerous Coding Errors

     
3:07 pm on Jan 13, 2009 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:23256
votes: 359


Top 25 Dangerous Coding Errors [news.bbc.co.uk]
The US National Security Agency has helped put together a list of the world's most dangerous coding mistakes.

The 25 entry list contains errors that can lead to security holes or vulnerable areas that can be targeted by cyber criminals.

Experts say many of these errors are not well understood by programmers.

Top 25 Coding Errors [sans.org]

4:13 pm on Jan 13, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:Mar 20, 2008
posts:673
votes: 0


26. failing to hire somebody when your training comprises a few modules of webmonkey.

4:44 pm on Jan 13, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 28, 2004
posts:7999
votes: 0


The original SANS source with more details [sans.org] (bottom of page)

Bookmark that one! :-)

EDIT: Argh . . it's timing out now, maybe it's getting slashdotted . . . . or . . . their report has drawn too much attention from the "ankle biters" mentioned in the first article . . . .

4:52 pm on Jan 13, 2009 (gmt 0)

Moderator

WebmasterWorld Administrator webwork is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:June 2, 2003
posts:7877
votes: 27


Stop the bots / botnets, save the world?

Likely more true than we accept.

We love to hate agencies, such as the NSA, but what other agency or enterprise is taking the lead in challenging or taking down botnets?

Microsoft? The likely "botnet mother"? ICANN? Ya, sure, the mother of unlimited gTLDs, etc.

Really, when it comes to protecting the Web that we love from serious harm via attackers or botnets, who is in charge here?

Probably the answer is "us" - every one of us - who has ever failed to secure a server or website, probably due to others handing us the keys to the car without confirming whether we have taken driving (security) lessons. And who's in charge of hosting firms, to be certain their servers are hardened against exploitation? And who is in charge of the server software and PC software providers to be certain their software is hardened? Can't wait to see what happens when everyone's cellphone->all-in-1-device starts to automatically dial up the Whitehouse or NSA . .

So, now the great mystery agency - the NSA - the agency with all the bad publicity or bad "we're spying on you" image, is going to take the lead in guiding the world in how to make the world more safe?

Well . . Geesh! It's the National Security Agency to the rescue?

It's about time some agency or enterprise took the lead. Shame it has to be one with image and other historical problems that may undermine any "trust us" campaign.

5:16 pm on Jan 13, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:July 16, 2002
posts:2133
votes: 1


>>but what other agency or enterprise is taking the lead in challenging or taking down botnets

Agree... if we can get the implicit synergy of gov to act as you suggest. Too often concise direction and execution are over-burdened by pork (political motives).

7:01 pm on Jan 13, 2009 (gmt 0)

Moderator from CA 

WebmasterWorld Administrator httpwebwitch is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 29, 2003
posts:4059
votes: 0


a fantastic list! definitely bookmarkable.

I just found + fixed a "race condition" (CWE-362) yesterday, and it was an obscure oversight in code I wrote only 6 months ago. For any programmer who does their own QA and penetration testing, this is a pretty good checklist to look at before deploying to production.

9:10 pm on Jan 13, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:July 3, 2002
posts:18903
votes: 0


Excellent list. Going to take some time to go through it all.

First saw it touted on Twitter by Matt Cutts, a couple of days ago.

12:56 am on Jan 14, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Apr 7, 2002
posts:906
votes: 0


Well I'm living dangerously as I haven't a clue what half of those 25 even mean ;)

I suppose I'll eventually have a clue the hard way

3:55 am on Jan 15, 2009 (gmt 0)

New User

5+ Year Member

joined:Jan 15, 2009
posts:2
votes: 0


well dauction it could be because some may use languages you don't know
 
