Serious coding errors revealed
Software without a single bug! What are you thinking? Is that even possible? A bug is an error, flaw, mistake, failure, or fault in a computer program that prevents it from behaving as intended. If you work in the software development field, you certainly know the word "bug". Sometimes the word alone may irritate you, because you have probably had several terrible experiences with bug fixing in your workplace.
It is common practice for software to be released with known bugs that are considered non-critical. That shipped software contains a number of known bugs is obvious and, by itself, unremarkable; measurements taken during testing can even provide a statistically reliable estimate of how many bugs are likely to remain. The reason is the marketing strategy behind the software: while the development team spends its time fixing those known bugs, competitors may get the chance to capture the market. That is why I call it an obvious fact of the software market. Such a known-bugs list informs users about bugs that are not fixed in the current release, or will not be fixed at all, and often a workaround is offered as well.
But sometimes software also contains unknown bugs, and these can become unknown vulnerabilities in a system: security holes, or weak areas, that cyber criminals can target.
Today the US National Security Agency has published a list of the world's most dangerous coding mistakes. The experts are quoted as saying that many of these errors are not well understood by programmers. Here is that list of the Top 25 Most Dangerous Programming Errors, as categorized by the US National Security Agency.
| CWE ID | Name |
|---|---|
| CWE-20 | Improper Input Validation |
| CWE-116 | Improper Encoding or Escaping of Output |
| CWE-89 | Failure to Preserve SQL Query Structure |
| CWE-79 | Failure to Preserve Web Page Structure |
| CWE-78 | Failure to Preserve OS Command Structure |
| CWE-319 | Cleartext Transmission of Sensitive Information |
| CWE-352 | Cross-Site Request Forgery |
| CWE-362 | Race Condition |
| CWE-209 | Error Message Information Leak |
| CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| CWE-642 | External Control of Critical State Data |
| CWE-73 | External Control of File Name or Path |
| CWE-426 | Untrusted Search Path |
| CWE-94 | Failure to Control Generation of Code |
| CWE-494 | Download of Code Without Integrity Check |
| CWE-404 | Improper Resource Shutdown or Release |
| CWE-665 | Improper Initialization |
| CWE-682 | Incorrect Calculation |
| CWE-285 | Improper Access Control |
| CWE-327 | Use of a Broken or Risky Cryptographic Algorithm |
| CWE-259 | Hard-Coded Password |
| CWE-732 | Insecure Permission Assignment for Critical Resource |
| CWE-330 | Use of Insufficiently Random Values |
| CWE-250 | Execution with Unnecessary Privileges |
| CWE-602 | Client-Side Enforcement of Server-Side Security |
[ News courtesy : BBC Technology News ]