The 25 worst errors that software can have

The MITRE Corporation, in the US, maintains a "Top 25" list of the most important software errors, or CWE (Common Weakness Enumeration). They recently updated the list, which contains more than 800 errors, and in which the worst are the injection-related ones: "SQL Injection" and "OS Command Injection". Here is the list of the 25 worst:
1 – Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
2 – Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
3 – Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)
4 – Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
5 – Missing Authentication for Critical Function
6 – Missing Authorization
7 – Use of Hard-coded Credentials
8 – Missing Encryption of Sensitive Data
9 – Unrestricted Upload of File with Dangerous Type
10 – Reliance on Untrusted Inputs in a Security Decision
11 – Execution with Unnecessary Privileges
12 – Cross-Site Request Forgery (CSRF)
13 – Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
14 – Download of Code Without Integrity Check
15 – Incorrect Authorization
16 – Inclusion of Functionality from Untrusted Control Sphere
17 – Incorrect Permission Assignment for Critical Resource
18 – Use of Potentially Dangerous Function
19 – Use of a Broken or Risky Cryptographic Algorithm
20 – Incorrect Calculation of Buffer Size
21 – Improper Restriction of Excessive Authentication Attempts
22 – URL Redirection to Untrusted Site (‘Open Redirect’)
23 – Uncontrolled Format String
24 – Integer Overflow or Wraparound
25 – Use of a One-Way Hash without a Salt
