The MITRE teamed with SANS to compile a list of the top dangers in programming errors. These are holes that developers make which allow hackers to exploit the code. Let's look at some examples.
It is no surprise that SQL injection vectors from not checking input would be high on the list. Buffer overflows are also no big surprise. But have you thought about improper paths for directories specified by users? Who would have thunk it?
Here is a problem that I have seen in a peer's code: They hard code authentication info in the code. WTF? And here is one that I am sometimes guilty of. Putting too much sensitive info in an error message.
I think my next project is to demonstrate an example of one of these attack vectors.
Be Brave to Get Work Done - I was woken up this morning from a call from work. Not a good sign. Apparently the customer found a potential problem in our delivery. I got on a conferen...