The most dangerous coding errors have been revealed. Programming experts say that many of these errors are still not well known.
The 25 errors on this list can lead to security holes (vulnerable areas) that cyber criminals can target.

THE TOP 25 MOST DANGEROUS PROGRAMMING ERRORS

* CWE-20: Improper Input Validation
* CWE-116: Improper Encoding or Escaping of Output
* CWE-89: Failure to Preserve SQL Query Structure
* CWE-79: Failure to Preserve Web Page Structure
* CWE-78: Failure to Preserve OS Command Structure
* CWE-319: Cleartext Transmission of Sensitive Information
* CWE-352: Cross-Site Request Forgery
* CWE-362: Race Condition
* CWE-209: Error Message Information Leak
* CWE-119: Failure to Constrain Operations within the Bounds of a Memory Buffer
* CWE-642: External Control of Critical State Data
* CWE-73: External Control of File Name or Path
* CWE-426: Untrusted Search Path
* CWE-94: Failure to Control Generation of Code
* CWE-494: Download of Code Without Integrity Check
* CWE-404: Improper Resource Shutdown or Release
* CWE-665: Improper Initialization
* CWE-682: Incorrect Calculation
* CWE-285: Improper Access Control
* CWE-327: Use of a Broken or Risky Cryptographic Algorithm
* CWE-259: Hard-Coded Password
* CWE-732: Insecure Permission Assignment for Critical Resource
* CWE-330: Use of Insufficiently Random Values
* CWE-250: Execution with Unnecessary Privileges
* CWE-602: Client-Side Enforcement of Server-Side Security

Source: SANS Institute
Adapted from: BBC-News