URGENT MESSAGE, from no one in particular, get one of these important technologies before they are all gone.
This is a serious message from no one, but that doesn't minimize the importance of the message.
The weaknesses in this category (the one the CWE/SANS Top 25 calls "Porous Defenses") are related to defensive techniques that are often misused, abused, or just plain ignored:
CWE-306 Missing Authentication for Critical Function
CWE-862 Missing Authorization
CWE-798 Use of Hard-coded Credentials
CWE-311 Missing Encryption of Sensitive Data
CWE-807 Reliance on Untrusted Inputs in a Security Decision
CWE-250 Execution with Unnecessary Privileges
CWE-863 Incorrect Authorization
CWE-732 Incorrect Permission Assignment for Critical Resource
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
CWE-307 Improper Restriction of Excessive Authentication Attempts
CWE-759 Use of a One-Way Hash without a Salt
Reference: http://www.sans.org/top25-software-errors/#cat1
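Two of the entries above, CWE-759 (a one-way hash with no salt) and CWE-307 (no limit on authentication attempts), usually live in the same login routine, so here is a single worked example showing the weak form beside the hardened one. This is added example code, not code from the original post or from SANS; the record format `pbkdf2_sha256$iters$salt$digest`, the iteration count, the `LoginGuard` class and the sample user names are this example's own assumptions.

```python
import hashlib
import hmac
import os
import time
from typing import Callable, Dict

# ---- CWE-759: Use of a One-Way Hash without a Salt (the weakness) ----
def weak_hash(password: str) -> str:
    """Unsalted SHA-256. Every user with the same password gets the same digest,
    so one precomputed table or one cracked hash breaks all of them at once."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

# ---- Hardened: random per-user salt plus a slow KDF (PBKDF2-HMAC-SHA256) ----
DEFAULT_ITERATIONS = 600_000  # assumed work factor; raise it as hardware gets faster

def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Return a self-describing record 'pbkdf2_sha256$iters$salt_hex$digest_hex'.
    The record layout is this example's own convention, not a standard one."""
    salt = os.urandom(16)  # fresh random salt per record, never reused
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def verify_password(record: str, attempt: str) -> bool:
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    computed = hashlib.pbkdf2_hmac("sha256", attempt.encode("utf-8"),
                                   bytes.fromhex(salt_hex), int(iterations))
    # constant-time comparison so response timing leaks nothing about the digest
    return hmac.compare_digest(computed, bytes.fromhex(digest_hex))

# ---- CWE-307: Improper Restriction of Excessive Authentication Attempts ----
class LoginGuard:
    """Locks an account after max_failures bad passwords. The clock is injectable
    so the lockout can be exercised in tests without sleeping."""

    def __init__(self, users: Dict[str, str], max_failures: int = 5,
                 lockout_seconds: float = 900.0,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.users = users                      # username -> hash_password() record
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.clock = clock
        self._failures: Dict[str, int] = {}
        self._locked_until: Dict[str, float] = {}
        # Verified against when the username is unknown, so unknown and known
        # users cost the same time (no user enumeration via response timing).
        self._dummy = hash_password(os.urandom(8).hex())

    def attempt(self, username: str, password: str) -> str:
        """Return 'ok', 'denied' or 'locked'."""
        now = self.clock()
        if self._locked_until.get(username, 0.0) > now:
            return "locked"                     # refused even if the password is right
        record = self.users.get(username)
        # Always run the KDF once, then reject unknown users regardless of result.
        ok = verify_password(record or self._dummy, password) and record is not None
        if ok:
            self._failures.pop(username, None)  # success resets the failure counter
            return "ok"
        count = self._failures.get(username, 0) + 1
        self._failures[username] = count
        if count >= self.max_failures:
            self._locked_until[username] = now + self.lockout_seconds
            self._failures.pop(username, None)
        return "denied"

if __name__ == "__main__":
    # Constructed sample data: two users who happen to share a password.
    print("weak hashes equal:", weak_hash("hunter2") == weak_hash("hunter2"))
    print("salted hashes equal:", hash_password("hunter2") == hash_password("hunter2"))
    guard = LoginGuard({"alice": hash_password("correct horse")}, max_failures=3)
    for pw in ["wrong", "wrong", "wrong", "correct horse"]:
        print(pw, "->", guard.attempt("alice", pw))
```

Running the script shows the two halves of the point: `weak_hash` produces identical digests for identical passwords, `hash_password` never does, and once three bad guesses have been made even the correct password returns `locked` until the window expires. The lockout counter is per username in memory here; a real deployment would persist it and usually also rate-limit per source address.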
Well, how does one know, when developing an application, which inputs are trusted and which are not?
Hey cron22, good question, and one that I will be discussing over the next few weeks.