CDRInfo Forum CDRInfo Forum

Forums  Register  Login  My Profile  Inbox  Address Book  My Subscription  My Forums 

Photo Gallery  Member List  Search  Calendars  FAQ  Ticket List  Log Out

Experts Announce the 25 Most Dangerous Programming Errors - And How to Fix Them   Logged in as: Guest
Viewers: 1298 You can click here to see Today's Posts | Most Active Topics | Posts Since Last Visit
  Printable Version
All Forums >> [News Around The Web] >> Security News >> Experts Announce the 25 Most Dangerous Programming Errors - And How to Fix Them Page: [1]
Login
Message << Older Topic   Newer Topic >>
Experts Announce the 25 Most Dangerous Programming Erro... - 1/13/2009 12:58:23 PM   
icube001


Posts: 5429
Joined: 11/6/2006
Status: offline
Experts from more than 30 US and international cyber security organizations jointly released the list of the 25 most dangerous programming errors that lead to security bugs and that enable cyber espionage and cyber crime.

The list was spearheaded by the National Security Agency.

"Shockingly, most of these errors are not well understood by programmers; their avoidance is not widely taught by computer science programs; and their presence is frequently not tested by organizations developing software for sale," SANS Institute said in a press release.

The impact of these errors led to more than 1.5 million web site security breaches during 2008 - and those breaches cascaded onto the computers of people who visited those web sites, turning their computers into zombies.

People and organizations that provided input to the project are among the most respected security experts and they come from leading organizations ranging from Symantec and Microsoft, to DHS's National Cyber Security Division and NSA's Information Assurance Division, to OWASP and the Japanese IPA, to the University of California at Davis and Purdue University.

Until now, most guidance focused on the 'vulnerabilities' that result from programming errors. The Top 25, however, focuses on the actual programming errors, made by developers that create the vulnerabilities. As important, the Top 25 web site provides detailed information on mitigation. "Now, with the Top 25, we can spend less time working with police after the house has been robbed and instead focus on getting locks on the doors before it happens." said Paul Kurtz, a principal author of the US National Strategy to Secure Cyberspace and executive director of the Software Assurance Forum for Excellence in Code (SAFECode).

The list might help improve the quality of programming classes and training programs by creating consensus about what the most common mistakes are and what developers can do to prevent them.

The errors have been broken into three categories labeled insecure interaction between components (nine errors), risky resource management (nine also) and porous defenses (seven). Mistakes include improper input validation, external control of external state data and improper access control.

Resources to Help Eliminate The Top 25 Errors

The TOP 25 Errors List will be updated regularly and will be posted at both the SANS and MITRE sites www.sans.org/top25 cwe.mitre.org/top25/

MITRE maintains the CWE (Common Weakness Enumeration) web site, with the support of the US Department of Homeland Security's National Cyber Security Division, presenting detailed descriptions of the top 25 programming errors along with authoritative guidance for mitigating and avoiding them. That site also contains data on more than 700 additional programming errors, design errors and architecture errors that can lead to exploitable vulnerabilities. cwe.mitre.org/

SANS maintains a series of assessments of secure coding skills in three languages along with certification exams that allow programmers to determine gaps in their knowledge of secure coding and allows buyers to ensure outsourced programmers have sufficient programming skills. Organizations with more than 500 programmers can assess the secure coding skills of up to 100 programmers at no cost.
Post #: 1
Page:   [1]
All Forums >> [News Around The Web] >> Security News >> Experts Announce the 25 Most Dangerous Programming Errors - And How to Fix Them Page: [1]
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts




Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI

0.031