Posted January 14, 2009
CWE-20: Improper Input Validation
CWE-116: Improper Encoding or Escaping of Output
CWE-89: Failure to Preserve SQL Query Structure
CWE-79: Failure to Preserve Web Page Structure
CWE-78: Failure to Preserve OS Command Structure
CWE-319: Cleartext Transmission of Sensitive Information
CWE-352: Cross-Site Request Forgery
CWE-362: Race Condition
CWE-209: Error Message Information Leak
CWE-119: Failure to Constrain Operations within the Bounds of a Memory Buffer
CWE-642: External Control of Critical State Data
CWE-73: External Control of File Name or Path
CWE-426: Untrusted Search Path
CWE-94: Failure to Control Generation of Code
CWE-494: Download of Code Without Integrity Check
CWE-404: Improper Resource Shutdown or Release
CWE-665: Improper Initialization
CWE-682: Incorrect Calculation
CWE-285: Improper Access Control
CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CWE-259: Hard-Coded Password
CWE-732: Insecure Permission Assignment for Critical Resource
CWE-330: Use of Insufficiently Random Values
CWE-250: Execution with Unnecessary Privileges
CWE-602: Client-Side Enforcement of Server-Side Security
Source: SANS Institute

January 17, 2009 Author
These are the top 25 reasons web pages get hacked. Programmers should take these situations into account when they are developing applications.

January 24, 2009
YoMama said: loluraged?
Not at all. I'm just pointing out how pointless your thread is. You could have made it better by giving examples. For example: you can use html_entities and mysql_real_escape_string to protect from XSS attacks. Check php.net for the full example. kthx.

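Added example, not part of any post in this thread: the two PHP functions named in the post above apply to different entries on the list, HTML output encoding (CWE-79, CWE-116) and SQL string escaping (CWE-89). The sketch uses htmlspecialchars and a PDO prepared statement in place of mysql_real_escape_string, whose mysql extension was removed in PHP 7.0; the in-memory SQLite table, its rows and the function names html_out and find_comments are constructed for illustration.

```php
<?php
// Added example; table, column, function and variable names are constructed.
declare(strict_types=1);

// CWE-79 / CWE-116: encode for the HTML context at output time, not at input time.
function html_out(string $value): string
{
    // ENT_QUOTES encodes both quote styles, so the result is also usable
    // inside a quoted attribute value; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// CWE-89: keep data out of the SQL text by binding it as a parameter.
function find_comments(PDO $db, string $author): array
{
    $stmt = $db->prepare('SELECT author, body FROM comments WHERE author = :author');
    $stmt->execute([':author' => $author]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (author TEXT, body TEXT)');
$ins = $db->prepare('INSERT INTO comments (author, body) VALUES (?, ?)');
$ins->execute(["o'brien", '<script>alert(1)</script>']);
$ins->execute(['alice', 'plain text']);

// A value containing quotes and SQL keywords is compared as a literal
// author name; it is never parsed as part of the statement.
$hostile = "x' OR '1'='1";
echo 'rows for hostile input: ', count(find_comments($db, $hostile)), "\n";

// Stored markup is rendered as text because every field passes through
// html_out() at the point where it enters the page.
foreach (find_comments($db, "o'brien") as $row) {
    echo '<p><b>', html_out($row['author']), '</b>: ', html_out($row['body']), "</p>\n";
}
```

The same split applies in other stacks: parameter binding is a property of the database driver, and output encoding is a property of the template or rendering layer.
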
January 25, 2009
Nice thread. I guess. Hmm, I'll remember those if I ever decide to become a web dev. :)

January 25, 2009
intelon678 said: Nice thread. I guess. Hmm, I'll remember those if I ever decide to become a web dev. :)
k, you have fun with that

January 25, 2009 Author
Opter said: lame
How much have you done for the 'Programming Resources and Help' section of the forums?
Batchy said: Not at all. I'm just pointing out how pointless your thread is. You could have made it better by giving examples. For example: you can use html_entities and mysql_real_escape_string to protect from XSS attacks. Check php.net for the full example. kthx.
Since this section of the forums is hardly ever used for anything productive, I really don't care to spend a lot of energy on it. I do try to give information when I can, though. Do you think your example works in an asp.net environment also? How much have you done for the 'Programming Resources and Help' section of the forums?

January 25, 2009
YoMama said: How much have you done for the 'Programming Resources and Help' section of the forums? Since this section of the forums is hardly ever used for anything productive, I really don't care to spend a lot of energy on it. I do try to give information when I can, though. Do you think your example works in an asp.net environment also?
ASP Sucks.
YoMama said: How much have you done for the 'Programming Resources and Help' section of the forums?
I'm new here etc.

January 26, 2009 Author
Batchy said: ASP Sucks.
The reason I asked that question was to make you realize how many different environments exist out there. If I had to provide an example of each of these 25 problems for every combination of Operating System, Database, Development Environment, and Web Server, I'd lose my fuckin' mind. A developer should know their environment well enough that I don't have to provide examples of these issues for everyone. Developers sometimes forget these 25 problems, so I'm glad to remind everyone, but I cannot post all combinations of examples.
Batchy said: I'm new here etc.
Since you're new here, why don't you contribute and let's see what you can do?

January 26, 2009
Pretty much all of these are going to be useful only in some web language, most likely PHP and ASP cause they are easy as fuck for hobbyists to just pick up, code a little CMS then get hacked by some 13 year old muslim faggot.
Edited January 26, 2009 by ghizzle

February 6, 2009
YoMama said: Since you're new here, why don't you contribute and let's see what you can do?
Whoa, I forgot about these forums for a few days. I shall contribute in the next week or so.

February 9, 2009 Author
ghizzle said: Change my pitch up, this thread sucks.
http://www.forumammo.com/cpg/albums/userpics/10063/gtfo.png

March 3, 2009
sideways said: I found all these errors as I was cracking the EA distributor :gaykeke: