
Top 25 Dangerous Coding Errors

     

engine

3:07 pm on Jan 13, 2009 (gmt 0)

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



Top 25 Dangerous Coding Errors [news.bbc.co.uk]
The US National Security Agency has helped put together a list of the world's most dangerous coding mistakes.

The 25 entry list contains errors that can lead to security holes or vulnerable areas that can be targeted by cyber criminals.

Experts say many of these errors are not well understood by programmers.

Top 25 Coding Errors [sans.org]

nealrodriguez

4:13 pm on Jan 13, 2009 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



26. failing to hire somebody when your training comprises a few modules of webmonkey.

rocknbil

4:44 pm on Jan 13, 2009 (gmt 0)

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member



The original SANS source with more details [sans.org] (bottom of page)

Bookmark that one! :-)

EDIT: Argh . . it's timing out now, maybe it's getting slashdotted . . . . or . . . their report has drawn too much attention from the "ankle biters" mentioned in the first article . . . .

Webwork

4:52 pm on Jan 13, 2009 (gmt 0)

WebmasterWorld Administrator webwork is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Stop the bots / botnets, save the world?

Likely more true than we accept.

We love to hate agencies, such as the NSA, but what other agency or enterprise is taking the lead in challenging or taking down botnets?

Microsoft? The likely "botnet mother"? ICANN? Ya, sure, the mother of unlimited gTLDs, etc.

Really, when it comes to protecting the Web that we love from serious harm via attackers or botnets, who is in charge here?

Probably the answer is "us" - every one of us - who has ever failed to secure a server or website, probably due to others handing us the keys to the car without confirming whether we have taken driving (security) lessons. And who's in charge of hosting firms, to be certain their servers are hardened against exploitation? And who is in charge of the server software and PC software providers to be certain their software is hardened? Can't wait to see what happens when everyone's cellphone->all-in-1-device starts to automatically dial up the White House or NSA . .

So, now the great mystery agency - the NSA - the agency with all the bad publicity or bad "we're spying on you" image, is going to take the lead in guiding the world in how to make the world more safe?

Well . . Geesh! It's the National Security Agency to the rescue?

It's about time some agency or enterprise took the lead. Shame it has to be one with image and other historical problems that may undermine any "trust us" campaign.

Jon_King

5:16 pm on Jan 13, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



>>but what other agency or enterprise is taking the lead in challenging or taking down botnets

Agree... if we can get the implicit synergy of gov to act as you suggest. Too often concise direction and execution is over-burdened by pork (political motives).

httpwebwitch

7:01 pm on Jan 13, 2009 (gmt 0)

WebmasterWorld Administrator httpwebwitch is a WebmasterWorld Top Contributor of All Time 10+ Year Member



a fantastic list! definitely bookmarkable.

I just found + fixed a "race condition" (CWE-362) yesterday, and it was an obscure oversight in code I wrote only 6 months ago. For any programmer who does their own QA and penetration testing, this is a pretty good checklist to look at before deploying to production.

g1smd

9:10 pm on Jan 13, 2009 (gmt 0)

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Excellent list. Going to take time to go through it all.

First saw it touted on Twitter by Matt Cutts, a couple of days ago.

dauction

12:56 am on Jan 14, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Well I'm living dangerously as I haven't a clue what half of those 25 even mean ;)

I suppose I'll eventually have a clue the hard way

pherzt

3:55 am on Jan 15, 2009 (gmt 0)

5+ Year Member



well dauction, it could be because some may use languages you don't know
 
