[cap-talk] SANS Institute's "25 Most Dangerous Programming Errors"
Mark Miller
erights at gmail.com
Mon Jan 12 18:19:48 EST 2009
On Mon, Jan 12, 2009 at 1:22 PM, Chip Morningstar <chip at fudco.com> wrote:
> The SANS Institute just released a PR missive declaring "the 25 most dangerous
> programming errors", in the consensus of a bunch of experts from the
> conventional security establishment.
>
> http://www.sans.org/top25errors/
>
> By my count, at least 11 of the 25 are confused deputy problems.
>
> Sounds like a rhetorical opportunity for somebody here. Tyler?
Here's a rough cut on "How do the ocap platforms help address these":
CATEGORY: Insecure Interaction Between Components
CWE-20: Improper Input Validation
E: soft types, auditing
Waterken/Joe-E: static types, built-in auditors
Caja: none until ES-Harmony
CWE-116: Improper Encoding or Escaping of Output
E: quasiliterals
Waterken/Joe-E: none
Caja: secure string interpolation
CWE-89: Failure to Preserve SQL Query Structure (aka 'SQL Injection')
E: quasiliterals
Waterken/Joe-E: none
Caja: secure string interpolation
CWE-79: Failure to Preserve Web Page Structure (aka 'Cross-site Scripting')
E: quasiliterals
Waterken/Joe-E: none
Caja: secure string interpolation, sanitizing html
CWE-78: Failure to Preserve OS Command Structure (aka 'OS Command Injection')
E: quasiliterals
Waterken/Joe-E: none
Caja: secure string interpolation, sanitizing html
CWE-319: Cleartext Transmission of Sensitive Information
E: captp
Waterken/Joe-E: https
Caja: https
CWE-352: Cross-Site Request Forgery (CSRF)
E, Waterken/Joe-E, Caja: object-capabilities deconfuse deputies
CWE-362: Race Condition
E, Waterken/Joe-E, Caja: Event-loop concurrency
CWE-209: Error Message Information Leak
E: sealed errors, stack traces
Waterken/Joe-E: sealed stack traces
Caja: sealed stack traces
CATEGORY: Risky Resource Management
CWE-119: Failure to Constrain Operations within the Bounds of a Memory Buffer
E, Waterken/Joe-E, Caja: memory safety
CWE-642: External Control of Critical State Data
E, Waterken/Joe-E, Caja: object-capabilities deconfuse deputies
CWE-73: External Control of File Name or Path
E, Waterken/Joe-E, Caja: object-capabilities deconfuse deputies
CWE-426: Untrusted Search Path
E, Waterken/Joe-E, Caja: object-capabilities deconfuse deputies
CWE-94: Failure to Control Generation of Code (aka 'Code Injection')
E, Waterken/Joe-E, Caja: don't do that
CWE-494: Download of Code Without Integrity Check
E, Waterken/Joe-E, Caja: verification / translation
CWE-404: Improper Resource Shutdown or Release
?
CWE-665: Improper Initialization
E, Waterken/Joe-E, Caja: objects inaccessible until initialized
CWE-682: Incorrect Calculation
E: integers
Waterken/Joe-E: integers (so called BigIntegers)
Caja: none
CATEGORY: Porous Defenses
CWE-285: Improper Access Control (Authorization)
?
CWE-327: Use of a Broken or Risky Cryptographic Algorithm
?
CWE-259: Hard-Coded Password
E, Waterken/Joe-E, Caja: don't do that
CWE-732: Insecure Permission Assignment for Critical Resource
?
CWE-330: Use of Insufficiently Random Values
E, Waterken/Joe-E, Caja: don't do that
CWE-250: Execution with Unnecessary Privileges
E, Waterken/Joe-E, Caja: POLA!
CWE-602: Client-Side Enforcement of Server-Side Security
E, Waterken/Joe-E, Caja: don't do that
--
Text by me above is hereby placed in the public domain
Cheers,
--MarkM
More information about the cap-talk
mailing list