[cap-talk] SANS Institute's "25 Most Dangerous Programming Errors"

Mark Miller erights at gmail.com
Mon Jan 12 18:19:48 EST 2009


On Mon, Jan 12, 2009 at 1:22 PM, Chip Morningstar <chip at fudco.com> wrote:
> The SANS Institute just released a PR missive declaring "the 25 most dangerous
> programming errors", in the consensus of a bunch of experts from the
> conventional security establishment.
>
> http://www.sans.org/top25errors/
>
> By my count, at least 11 of the 25 are confused deputy problems.
>
> Sounds like a rhetorical opportunity for somebody here.  Tyler?


Here's a rough cut on "How do the ocap platforms help address these":


CATEGORY: Insecure Interaction Between Components

CWE-20: Improper Input Validation
E: soft types, auditing
Waterken/Joe-E: static types, built-in auditors
Caja: none until ES-Harmony

CWE-116: Improper Encoding or Escaping of Output
E: quasiliterals
Waterken/Joe-E: none
Caja: secure string interpolation

CWE-89: Failure to Preserve SQL Query Structure (aka 'SQL Injection')
E: quasiliterals
Waterken/Joe-E: none
Caja: secure string interpolation

CWE-79: Failure to Preserve Web Page Structure (aka 'Cross-site Scripting')
E: quasiliterals
Waterken/Joe-E: none
Caja: secure string interpolation, sanitizing html

CWE-78: Failure to Preserve OS Command Structure (aka 'OS Command Injection')
E: quasiliterals
Waterken/Joe-E: none
Caja: secure string interpolation, sanitizing html

CWE-319: Cleartext Transmission of Sensitive Information
E: captp
Waterken/Joe-E: https
Caja: https

CWE-352: Cross-Site Request Forgery (CSRF)
E, Waterken/Joe-E, Caja: object-capabilities deconfuse deputies

CWE-362: Race Condition
E, Waterken/Joe-E, Caja: Event-loop concurrency

CWE-209: Error Message Information Leak
E: sealed errors, stack traces
Waterken/Joe-E: sealed stack traces
Caja: sealed stack traces

CATEGORY: Risky Resource Management

CWE-119: Failure to Constrain Operations within the Bounds of a Memory Buffer
E, Waterken/Joe-E, Caja: memory safety

CWE-642: External Control of Critical State Data
E, Waterken/Joe-E, Caja: object-capabilities deconfuse deputies

CWE-73: External Control of File Name or Path
E, Waterken/Joe-E, Caja: object-capabilities deconfuse deputies

CWE-426: Untrusted Search Path
E, Waterken/Joe-E, Caja: object-capabilities deconfuse deputies

CWE-94: Failure to Control Generation of Code (aka 'Code Injection')
E, Waterken/Joe-E, Caja: don't do that

CWE-494: Download of Code Without Integrity Check
E, Waterken/Joe-E, Caja: verification / translation

CWE-404: Improper Resource Shutdown or Release
?

CWE-665: Improper Initialization
E, Waterken/Joe-E, Caja: objects inaccessible until initialized

CWE-682: Incorrect Calculation
E: integers
Waterken/Joe-E: integers (so-called BigIntegers)
Caja: none

CATEGORY: Porous Defenses

CWE-285: Improper Access Control (Authorization)
?

CWE-327: Use of a Broken or Risky Cryptographic Algorithm
?

CWE-259: Hard-Coded Password
E, Waterken/Joe-E, Caja: don't do that

CWE-732: Insecure Permission Assignment for Critical Resource
?

CWE-330: Use of Insufficiently Random Values
E, Waterken/Joe-E, Caja: don't do that

CWE-250: Execution with Unnecessary Privileges
E, Waterken/Joe-E, Caja: POLA!

CWE-602: Client-Side Enforcement of Server-Side Security
E, Waterken/Joe-E, Caja: don't do that


-- 
Text by me above is hereby placed in the public domain

    Cheers,
    --MarkM
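Added illustration (not part of MarkM's post, and not code from E, Caja or Waterken) of the "quasiliterals / secure string interpolation" entries above for CWE-116, CWE-89 and CWE-79. It uses JavaScript tagged template literals, the form this idea later took in the language; the `sql`, `html`, `naiveQuery` and `escapeHtml` names and the hostile inputs are constructed for the example. The point it shows: the tag, not the caller, decides how each interpolated value enters the output, so the structure of the query or markup is fixed by the literal text alone and data cannot change it.

```javascript
// Added example, not Caja's or E's own code: a "secure string
// interpolation" tag in the spirit of E quasiliterals.

const SQL = Symbol('sql-fragment');
const HTML = Symbol('safe-html');

// sql`...`: the literal text becomes the query, every interpolated value
// becomes a positional parameter. Nested sql fragments (trusted, because
// only this tag can mint them) are spliced with their parameters renumbered.
function sql(strings, ...values) {
  let text = strings[0];
  const params = [];
  values.forEach((v, i) => {
    if (v && v[SQL]) {
      const offset = params.length;           // fragment's $n -> $(n+offset)
      text += v.text.replace(/\$(\d+)/g, (_, n) => `$${Number(n) + offset}`);
      params.push(...v.values);
    } else {
      params.push(v);
      text += `$${params.length}`;
    }
    text += strings[i + 1];
  });
  return { [SQL]: true, text, values: params };
}

// The CWE-89 pattern for comparison: data is pasted into the structure.
function naiveQuery(name) {
  return `SELECT * FROM users WHERE name = '${name}'`;
}

// html`...`: interpolated strings are escaped for text/attribute-value
// context; only values already produced by html`...` pass through verbatim.
// (A production tag would also track URL, script and CSS contexts.)
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}
function html(strings, ...values) {
  let out = strings[0];
  values.forEach((v, i) => {
    out += (v && v[HTML]) ? v.markup : escapeHtml(v);
    out += strings[i + 1];
  });
  return { [HTML]: true, markup: out };
}

// Constructed attacker-controlled input for the usage below.
const hostile = "x' OR '1'='1";
const q = sql`SELECT * FROM users WHERE name = ${hostile} AND ${sql`active = ${true}`}`;
console.log(q.text, q.values);      // structure fixed, data parameterised
console.log(naiveQuery(hostile));   // structure rewritten by the data
console.log(html`<p>${'<script>alert(1)</script>'}</p>`.markup);
```

The `naiveQuery` line is the bug the CWE describes: the hostile value closes the quote and appends an `OR`. With the `sql` tag the same value is just `$1`, and there is no call available to a caller that would let a value become query text, which is the whole mitigation.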


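Added illustration (not part of the post, and not code from E, Waterken or Caja) of the "object-capabilities deconfuse deputies" entries above for CWE-73, CWE-642 and CWE-352. The in-memory filesystem, the compiler deputy and the `makeFileCap`/`makeCompiler` names are constructed for the example. The first half is the classic confused deputy: the service writes with its own authority wherever the client names. In the second half a file is an object reference, so the deputy can only write where it has been handed a reference, and a path string is not an authority.

```javascript
// Added example, not from E/Waterken/Caja: the confused deputy, then the
// same deputy in capability style. The "filesystem" is an in-memory Map.

// --- Ambient authority: a path string is all it takes to reach a file.
function runAmbientScenario() {
  const fs = new Map([
    ['/billing/ledger', 'charges: 0'],      // the client must not touch this
    ['/home/alice/out.txt', ''],
  ]);
  // The deputy (a compile service) writes with *its* authority to the
  // location the client names: CWE-73 in its classic form.
  function compile(source, outputPath) {
    fs.set(outputPath, `compiled(${source})`);
  }
  // The client supplies a path it could not open itself.
  compile('main.e', '/billing/ledger');
  return fs.get('/billing/ledger');         // ledger is now clobbered
}

// --- Capability style: a file is an object reference; holding the
// reference is the only way to use it, and names carry no authority.
function makeFileCap(store, path) {
  return Object.freeze({
    write: (data) => { store.set(path, data); },
    read: () => store.get(path),
  });
}

function makeCompiler() {
  // The compiler closes over no filesystem at all; its authority is
  // exactly the union of the file objects it is handed (POLA).
  return (source, outputFile) => {
    if (!outputFile || typeof outputFile.write !== 'function') {
      throw new TypeError('output must be a writable file capability');
    }
    outputFile.write(`compiled(${source})`);
  };
}

function runCapScenario() {
  const store = new Map([
    ['/billing/ledger', 'charges: 0'],
    ['/home/alice/out.txt', ''],
  ]);
  // Everything the client receives: a compiler and a capability to its
  // own output file. `store` itself is never reachable from the client.
  const compile = makeCompiler();
  const aliceOut = makeFileCap(store, '/home/alice/out.txt');

  compile('main.e', aliceOut);              // legitimate use
  let naming = 'not attempted';
  try {
    compile('main.e', '/billing/ledger');   // a name is not an authority
  } catch (e) {
    naming = e.name;
  }
  return {
    aliceFile: store.get('/home/alice/out.txt'),
    ledger: store.get('/billing/ledger'),
    namingAttempt: naming,
  };
}

console.log('ambient:', runAmbientScenario());
console.log('capability:', runCapScenario());
```

The same shape covers the CSRF entry: a browser that attaches ambient cookies to any request the page names is the ambient-authority `compile`, while a request that must carry an unguessable reference to the specific resource is the capability version.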