Dangerous coding errors revealed
"Experience hath shewn, that even under the best forms of government those entrusted with power have, in time, and by slow operations, perverted it into tyranny. "
Thomas Jefferson -
Originally posted by minestrone
WTF does "CWE-94:Failure to Control Generation of Code" actually mean?
For the real programming that real men do it doesn't make much sense.
Typical Yanks, all they're bothered about is putting up a good front...
-
Originally posted by Purple Dalek
I think this list starts to make sense if you are a Web front end serving up something like jsp pages (not Jackson structured programming).
For the real programming that real men do it doesn't make much sense.
Typical Yanks, all they're bothered about is putting up a good front...
And what exactly is wrong with an "ad hominem" argument? Dodgy Agent, 16-5-2014
-
A more proper name for the list would be "top 25 coding errors that can lead to security problems in a website". But it wouldn't make such a good headline, would it?
From the article:
The US National Security Agency has helped put together a list of the world's most dangerous coding mistakes.
The 25 entry list contains errors that can lead to security holes or vulnerable areas that can be targeted by cyber criminals.
Last edited by bored; 13 January 2009, 14:11.
-
Originally posted by bored
A more proper name for the list would be "top 25 coding errors that can lead to security problems in a website" - from the article:
-
Originally posted by Purple Dalek
Well, even then it doesn't quite fit as one of the top 25 would be running windows as the OS and server the website was running on.
-
Originally posted by Board Game Geek
More than 30 organisations, including the US National Security Agency, the Department of Homeland Security, Microsoft, and Symantec published the document.
THE TOP 25 MOST DANGEROUS PROGRAMMING ERRORS
CWE-20:Improper Input Validation
CWE-116:Improper Encoding or Escaping of Output
CWE-89:Failure to Preserve SQL Query Structure
...
“Brexit is having a wee in the middle of the room at a house party because nobody is talking to you, and then complaining about the smell.”
-
One of the biggest howlers, which many OS coders don't really understand, is failing to weaken pointers passed inside structures to core functions. If you find an example of that (and it's easy to test a function call), the whole OS is wide open.
The hardware automatically weakens pointers in the argument list when the call crosses from the user address space into the shared core address space. But there's no way it can know to delve into structures those pointers reference.
Outfits like the NSA probably keep quiet about this, as *they* exploit those weaknesses as back doors.
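The check the post above describes, as an added example that is not part of the thread: a toy core routine validates its argument pointer, and the flaw appears when it does not also validate the pointer embedded in the structure that argument references. The address-space model, `sys_fill`, `io_req` and every other name here are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed toy address space (all names hypothetical):
 * offsets 0..127 are "user" memory, 128..255 are "core" memory. */
#define MEM_SIZE   256u
#define USER_LIMIT 128u
static uint8_t mem[MEM_SIZE];

struct io_req {            /* request block the caller builds in user memory */
    uint32_t buf;          /* destination offset, caller-controlled */
    uint32_t len;          /* number of bytes to fill */
};
/* Overflow-safe test that [addr, addr+len) lies wholly in user memory. */
static int user_range_ok(uint32_t addr, uint32_t len)
{
    return addr <= USER_LIMIT && len <= USER_LIMIT - addr;
}

static void put_req(uint32_t at, uint32_t buf, uint32_t len)
{
    struct io_req r = { buf, len };
    memcpy(&mem[at], &r, sizeof r);
}

/* check_nested 0: only the argument pointer is validated (the flaw); 1: both. */
int sys_fill(uint32_t req_addr, uint8_t value, int check_nested)
{
    struct io_req req;
    if (!user_range_ok(req_addr, (uint32_t)sizeof req))
        return -1;
    memcpy(&req, &mem[req_addr], sizeof req);  /* fetch once into a private copy */
    if (check_nested && !user_range_ok(req.buf, req.len))
        return -1;                             /* embedded pointer leaves user space */
    if (req.len > MEM_SIZE || req.buf > MEM_SIZE - req.len)
        return -1;                             /* keeps the simulation inside mem[] */
    memset(&mem[req.buf], value, req.len);
    return 0;
}

int main(void)
{
    mem[200] = 0x5A;                           /* a byte of "core" state */
    put_req(0, 200, 1);                        /* struct in user memory, pointer into core */
    int rc = sys_fill(0, 0xFF, 1);
    printf("checked:   rc=%d core=0x%02X\n", rc, mem[200]);
    rc = sys_fill(0, 0xFF, 0);
    printf("unchecked: rc=%d core=0x%02X\n", rc, mem[200]);
    return 0;
}
```

Copying the structure once before checking it also means the caller cannot change the embedded pointer between the check and the use.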
-
delete * from trade
- not a good one to try in a sql session you have kicking around thinking it's a dev database, and finding out, ooh about 43 seconds later, that it wasn't
-
Originally posted by Board Game Geek
Open Season on Programmers...the new Terrorists....
The US National Security Agency has helped put together a list of the world's most dangerous coding mistakes.
The 25 entry list contains errors that can lead to security holes or vulnerable areas that can be targeted by cyber criminals.
Experts say many of these errors are not well understood by programmers.
Who the **** are they using as programmers, 12 year olds?
tim