Software insecurity: Porous Defense - Systems, architecture and engineering solutions! - Site Home - MSDN Blogs


Software insecurity: Porous Defense


The weaknesses in this category are related to defensive techniques that are often misused, abused, or just plain ignored.


CWE-306
Missing Authentication for Critical Function

CWE-862
Missing Authorization

CWE-798
Use of Hard-coded Credentials

CWE-311
Missing Encryption of Sensitive Data

CWE-807
Reliance on Untrusted Inputs in a Security Decision

CWE-250
Execution with Unnecessary Privileges

CWE-863
Incorrect Authorization

CWE-732
Incorrect Permission Assignment for Critical Resource

CWE-327
Use of a Broken or Risky Cryptographic Algorithm

CWE-307
Improper Restriction of Excessive Authentication Attempts

CWE-759
Use of a One-Way Hash without a Salt

Reference: http://www.sans.org/top25-software-errors/#cat1


  • Well, how does one know, when developing an application, which inputs are trusted and which are not?

  • Hey cron22, good question and one that I will be discussing over the next few weeks.
