
Serious coding errors revealed

Tuesday, January 13, 2009


Software without a single bug! What are you thinking? Is it possible? A bug is an error, flaw, mistake, failure, or fault in a computer program that prevents it from behaving as intended. If you work in software development, you definitely know the name "bug". Sometimes the name may irritate you, because you may have had several terrible experiences with bug fixing in your workplace.

It is common practice for software to be released with known bugs that are considered non-critical. It is quite obvious, and not a remarkable fact, that software may contain some number of known bugs when shipped; measurements during testing may provide a statistically reliable estimate of the number of likely bugs remaining. This is because of the marketing strategy for that software. While a software development team spends time fixing those known bugs, others may get the chance to capture that market. That is why I said it is an obvious thing in the software market. A list of known bugs informs users about bugs that are not fixed in the current release, or not fixed at all, and often a workaround is offered as well.

But sometimes there are unknown bugs in software that can expose unknown vulnerabilities in a system. These can lead to security holes or vulnerable areas that can be targeted by cyber criminals.
Today the US National Security Agency has published a list of the world's most dangerous coding mistakes. The experts said that many of these errors are not well understood by programmers. Here is that list of the top 25 most dangerous programming errors, as categorized by the US National Security Agency.

CWE-20: Improper Input Validation
CWE-116: Improper Encoding or Escaping of Output
CWE-89: Failure to Preserve SQL Query Structure
CWE-79: Failure to Preserve Web Page Structure
CWE-78: Failure to Preserve OS Command Structure
CWE-319: Cleartext Transmission of Sensitive Information
CWE-352: Cross-Site Request Forgery
CWE-362: Race Condition
CWE-209: Error Message Information Leak
CWE-119: Failure to Constrain Operations within the Bounds of a Memory Buffer
CWE-642: External Control of Critical State Data
CWE-73: External Control of File Name or Path
CWE-426: Untrusted Search Path
CWE-94: Failure to Control Generation of Code
CWE-494: Download of Code Without Integrity Check
CWE-404: Improper Resource Shutdown or Release
CWE-665: Improper Initialization
CWE-682: Incorrect Calculation
CWE-285: Improper Access Control
CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CWE-259: Hard-Coded Password
CWE-732: Insecure Permission Assignment for Critical Resource
CWE-330: Use of Insufficiently Random Values
CWE-250: Execution with Unnecessary Privileges
CWE-602: Client-Side Enforcement of Server-Side Security

[News courtesy: BBC Technology News]
