The 25 Most Dangerous Programming Errors
CWE and SANS have released an extensive document that catalogues the 25 most dangerous programming errors of 2010. Here "dangerous" means weaknesses that are widespread and that are easy to find and easy to exploit. The document's table of contents is as follows:
- Guidance for Using the Top 25
- Brief Listing of the Top 25
- Category-Based View of the Top 25
- Focus Profiles
- Organization of the Top 25
- Detailed CWE Descriptions
- Monster Mitigations
- Appendix A: Selection Criteria and Supporting Fields
- Appendix B: What Changed in the 2010 Top 25
- Appendix C: Construction, Selection, and Scoring of the Top 25
- Appendix D: Comparison to OWASP Top Ten 2010 RC1
- Appendix E: Other Resources for the Top 25
- Changes to This Document
Rank | Score | ID | Name |
---|---|---|---|
[1] | 346 | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
[2] | 330 | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') |
[3] | 273 | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
[4] | 261 | CWE-352 | Cross-Site Request Forgery (CSRF) |
[5] | 219 | CWE-285 | Improper Access Control (Authorization) |
[6] | 202 | CWE-807 | Reliance on Untrusted Inputs in a Security Decision |
[7] | 197 | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
[8] | 194 | CWE-434 | Unrestricted Upload of File with Dangerous Type |
[9] | 188 | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') |
[10] | 188 | CWE-311 | Missing Encryption of Sensitive Data |
[11] | 176 | CWE-798 | Use of Hard-coded Credentials |
[12] | 158 | CWE-805 | Buffer Access with Incorrect Length Value |
[13] | 157 | CWE-98 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion') |
[14] | 156 | CWE-129 | Improper Validation of Array Index |
[15] | 155 | CWE-754 | Improper Check for Unusual or Exceptional Conditions |
[16] | 154 | CWE-209 | Information Exposure Through an Error Message |
[17] | 154 | CWE-190 | Integer Overflow or Wraparound |
[18] | 153 | CWE-131 | Incorrect Calculation of Buffer Size |
[19] | 147 | CWE-306 | Missing Authentication for Critical Function |
[20] | 146 | CWE-494 | Download of Code Without Integrity Check |
[21] | 145 | CWE-732 | Incorrect Permission Assignment for Critical Resource |
[22] | 145 | CWE-770 | Allocation of Resources Without Limits or Throttling |
[23] | 142 | CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') |
[24] | 141 | CWE-327 | Use of a Broken or Risky Cryptographic Algorithm |
[25] | 138 | CWE-362 | Race Condition |
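As an added illustration of the second-ranked entry, CWE-89 (SQL Injection), here is a constructed example that is not part of the original CWE/SANS document or of this post. It builds an in-memory SQLite table (the `users` table, the sample rows and the `lookup_user_*` function names are all assumptions made for the example), shows a lookup that concatenates user input into the statement, and contrasts it with the parameterised form. The tautology payload `x' OR '1'='1` turns the vulnerable lookup into a query that matches every row, while the parameterised version treats the same string as an ordinary, non-matching username.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory sample database (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        [("alice", "hash1"), ("bob", "hash2"), ("carol", "hash3")],
    )
    conn.commit()
    return conn


def lookup_user_vulnerable(conn, username):
    """CWE-89: the attacker-controlled value becomes part of the SQL text.

    A quote in `username` closes the string literal and the remainder is
    parsed as SQL, so the WHERE clause can be rewritten by the caller.
    """
    query = "SELECT username FROM users WHERE username = '" + username + "'"
    return sorted(row[0] for row in conn.execute(query))


def lookup_user_safe(conn, username):
    """Parameterised query: the value travels separately from the statement.

    The driver binds `username` as data, so quotes and SQL keywords inside it
    never change the structure of the query.
    """
    query = "SELECT username FROM users WHERE username = ?"
    return sorted(row[0] for row in conn.execute(query, (username,)))


# Classic tautology payload: closes the literal and appends a condition that is
# always true. It is a constructed input, not something observed in the wild.
INJECTION = "x' OR '1'='1"


def demo():
    """Run both lookups against the sample data and return the results."""
    conn = make_db()
    return {
        "vulnerable_normal": lookup_user_vulnerable(conn, "alice"),
        "vulnerable_injected": lookup_user_vulnerable(conn, INJECTION),
        "safe_normal": lookup_user_safe(conn, "alice"),
        "safe_injected": lookup_user_safe(conn, INJECTION),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:20s} -> {rows}")
```

The vulnerable lookup returns all three usernames for the injected input, because the resulting statement reads `... WHERE username = 'x' OR '1'='1'`; the parameterised lookup returns an empty list for the same string. Note that `sqlite3.Cursor.execute` refuses to run more than one statement per call, so stacked payloads such as `'; DROP TABLE users; --` raise an error here rather than execute; on database drivers that do allow stacked statements, the same concatenation bug is correspondingly worse.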