The MITRE teamed with SANS to compile a list of the top dangers in programming errors. These are holes that developers make which allow hackers to exploit the code. Let's look at some examples.
It is no surprise that SQL injection vectors from not checking input would be high on the list. Buffer overflows are also no big surprise. But have you thought about improper paths for directories specified by users? Who would have thunk it?
Here is a problem that I have seen in a peer's code: They hard code authentication info in the code. WTF? And here is one that I am sometimes guilty of. Putting too much sensitive info in an error message.
I think my next project is to demonstrate an example of one of these attack vectors.
Reproducing a Race Condition
-
We have a job at work that runs every Wednesday night. All of a sudden, it
aborted the last 2 weeks. This caused some critical data to be late. The
main ...