JamesCherrill, Posted January 13, 2009

From the BBC today:

The US National Security Agency has helped put together a list of the world's most dangerous coding mistakes. The 25 entry list contains errors that can lead to security holes or vulnerable areas that can be targeted by cyber criminals.

http://news.bbc.co.uk/2/low/technology/7824939.stm

PS: Sorry guys, I copied the topic name from the BBC's website and it's all in caps. Maybe a mod can fix that for me?

+Majesticmerc, MVC, Posted January 13, 2009

To be honest, I feel they're all pretty obvious. I did my work experience placement for my degree for the English National Health Service, and if I did something as dumb as any of them, I'd be shouted at!

Additionally, some of them should be removed by the time testing is complete. Input validation should be tested extremely thoroughly, SQL injection should be impossible if you've used good practice techniques (i.e. using the SqlCommand class properly in .NET).

If these are cropping up in NSA applications, then they need new programmers. <flameon/>

tomwarren, Veteran, Posted January 13, 2009

(title edited) removed caps

James Rose, Posted January 13, 2009

Nice list, but sadly not a lot of detail and no examples or related articles. IMO an article of this importance needs more than to list the items we need to avoid. But thanks for the heads up.

ViZioN, Posted January 13, 2009

Read this on the BBC earlier. I think quite a few of those are obvious and should've been fixed, i.e. input validation.

sbauer, Posted January 13, 2009

Sadly, you'll see a lot of these in a single in-house business application.

Laurë, Veteran, Posted January 17, 2009

If they were obvious we would never have had rockets and such blowing up because of them. Even if you do know about them, how to avoid, etc etc, when it's 5.25 pm on a Friday, you've got to get this code done before you can go for your weekend... you're going to be in a rush. It's highly likely that a normal human being will take a shortcut.

ViZioN, Posted January 17, 2009

> If they were obvious we would never have had rockets and such blowing up because of them. Even if you do know about them, how to avoid, etc etc, when it's 5.25 pm on a Friday, you've got to get this code done before you can go for your weekend... you're going to be in a rush. It's highly likely that a normal human being will take a shortcut.

Even so, code you complete at that time shouldn't be getting shipped. Should get reviewed first, but I get your point :)