* Category: Insecure Interaction Between Components (9 errors)
* Category: Risky Resource Management (9 errors)
* Category: Porous Defenses (7 errors)
CATEGORY: Insecure Interaction Between Components
- CWE-20: Improper Input Validation
- CWE-116: Improper Encoding or Escaping of Output
- CWE-89: Failure to Preserve SQL Query Structure (aka 'SQL Injection')
- CWE-79: Failure to Preserve Web Page Structure (aka 'Cross-site Scripting')
- CWE-78: Failure to Preserve OS Command Structure (aka 'OS Command Injection')
- CWE-319: Cleartext Transmission of Sensitive Information
- CWE-352: Cross-Site Request Forgery (CSRF)
- CWE-362: Race Condition
- CWE-209: Error Message Information Leak
CATEGORY: Risky Resource Management
- CWE-119: Failure to Constrain Operations within the Bounds of a Memory Buffer
- CWE-642: External Control of Critical State Data
- CWE-73: External Control of File Name or Path
- CWE-426: Untrusted Search Path
- CWE-94: Failure to Control Generation of Code (aka 'Code Injection')
- CWE-494: Download of Code Without Integrity Check
- CWE-404: Improper Resource Shutdown or Release
- CWE-665: Improper Initialization
- CWE-682: Incorrect Calculation
CATEGORY: Porous Defenses
- CWE-285: Improper Access Control (Authorization)
- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
- CWE-259: Hard-Coded Password
- CWE-732: Insecure Permission Assignment for Critical Resource
- CWE-330: Use of Insufficiently Random Values
- CWE-250: Execution with Unnecessary Privileges
- CWE-602: Client-Side Enforcement of Server-Side Security
Who defined these errors and how, together with a detailed explanation of each one, can be read here:
SAM : 2009 CWE/SANS TOP 25 Most Dangerous Programming Errors
CWE : 2009 CWE/SANS Top 25 Most Dangerous Programming Errors
Credit to ****
3 comments:
Really useful!! I can be more careful while coding. Thanks for sharing. :)
Thanks for sharing.
Thanks for the points worth noting.