TOP 25 Most Dangerous Programming Errors

Experts have reached agreement on the top 25 most dangerous programming errors.

It is a very interesting list indeed; a nice point is that we can find a lot of detail on how to avoid these security errors. Obviously, the dangerous part of these errors is that they can be exploited…

Insecure Interaction Between Components

  • Improper Input Validation
  • Improper Encoding or Escaping of Output
  • Failure to Preserve SQL Query Structure (aka ‘SQL Injection’)
  • Failure to Preserve Web Page Structure (aka ‘Cross-site Scripting’)
  • Failure to Preserve OS Command Structure (aka ‘OS Command Injection’)
  • Cleartext Transmission of Sensitive Information
  • Cross-Site Request Forgery (CSRF)
  • Race Condition
  • Error Message Information Leak

Risky Resource Management

  • Failure to Constrain Operations within the Bounds of a Memory Buffer
  • External Control of Critical State Data
  • External Control of File Name or Path
  • Untrusted Search Path
  • Failure to Control Generation of Code (aka ‘Code Injection’)
  • Download of Code Without Integrity Check
  • Improper Resource Shutdown or Release
  • Improper Initialization
  • Incorrect Calculation

Porous Defenses

  • Improper Access Control (Authorization)
  • Use of a Broken or Risky Cryptographic Algorithm
  • Hard-Coded Password
  • Insecure Permission Assignment for Critical Resource
  • Use of Insufficiently Random Values
  • Execution with Unnecessary Privileges
  • Client-Side Enforcement of Server-Side Security

Windows 7 Beta is now Available :)

While trying to download Windows 7 today (like a lot of other people, it seems, as the servers are too busy), I saw this postponement message on the Windows blog. I am sharing it here as it is so slow to access:

Due to very heavy traffic we’re seeing as a result of interest in the Windows 7 Beta, we are adding some additional infrastructure support to the Microsoft.com properties before we post the public beta. We want to ensure customers have the best possible experience when downloading the beta, and I’ll be posting here again soon once the beta goes live. Stay tuned! We are excited that you are excited!

The good news is that the link has been made available via neowin.

And the build has already existed as a torrent for some days.

Now the bad news:

There is no key so far; for those we have to wait until tomorrow, when *only* 2.5 million keys will be distributed :o

Anyway, the key can be entered later, I guess.
Enjoy the test!

A.

Microsoft – ZDC –

I’m a bit late in propagating the news, so you may have already heard that Microsoft has opened the Zurich Development Center (December 2008).

Microsoft Zurich Development Center

We are working on bits for Office Communication Server.

The work environment is really great: we got very comfortable offices with a fitness room and a game room (ping-pong, darts, table soccer, shuffle puck, pool) and an enormous cafeteria :)

 

Ahmet