dark_splinter
Power Member
Well, I was just checking my mail... and I got an email from CodeProject saying that the NSA had revealed the 25 biggest programming errors with regard to security...
Sources:
http://www.pcworld.com/article/156894/nsa_helps_name_most_dangerous_programming_mistakes.html
http://exameinformatica.clix.pt/noticias/software/1001518.html
etc etc...
Since it took me quite a while to find the list of errors, I'm leaving a copy here...
1. Improper input validation
2. Improper encoding or escaping of output
3. Failure to preserve SQL query structure (SQL injection)
4. Failure to preserve Web page structure (cross-site scripting)
5. Failure to preserve operating system command structure (OS command injection)
6. Cleartext transmission of sensitive information
7. Cross-site request forgery
8. Race condition
9. Error message information leak
10. Failure to constrain operations within the bounds of a memory buffer
11. External control of critical state data
12. External control of file name or path
13. Untrusted search path
14. Failure to control generation of code (code injection)
15. Download of code without integrity check
16. Improper resource shutdown or release
17. Improper initialization
18. Incorrect calculation
19. Porous defenses
20. Use of a broken or risky cryptographic algorithm
21. Hard-coded password
22. Insecure permission assignment for critical resource
23. Use of insufficiently random values
24. Execution with unnecessary privileges
25. Client-side enforcement of server-side security
I'm not sure whether this is the official list... since it's the only one I found in my quick search...
By the way... do you have any errors to add?