Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Checklist for Web Site Programming Vulnerabilities

Tags:

security

defensive-programming

Watching SO come online has been quite an education for me. I'd like to make a checklist of various vunerabilities and exploits used against web sites, and what programming techniques can be used to defend against them.

  • What categories of vunerabilities?
    • crashing site
    • breaking into server
    • breaking into other people's logins
    • spam
    • sockpuppeting, meatpuppeting
    • etc...
  • What kind of defensive programming techniques?
  • etc...
like image 617
Mark Harrison Avatar asked Aug 26 '08 19:08

Mark Harrison

1 Answers

From the Open Web Application Security Project:

  1. The OWASP Top Ten vulnerabilities (pdf)
  2. For a more painfully exhaustive list: Category:Vulnerability

The top ten are:

  1. Cross-site scripting (XSS)
  2. Injection flaws (SQL injection, script injection)
  3. Malicious file execution
  4. Insecure direct object reference
  5. Cross-site request forgery (XSRF)
  6. Information leakage and improper error handling
  7. Broken authentication and session management
  8. Insecure cryptographic storage
  9. Insecure communications
  10. Failure to restrict URL access
like image 115
Charles Miller Avatar answered Sep 30 '22 01:09

Charles Miller
Sign in to Comment

Related questions

Access token and Refresh token best practices ? How to implement Access & Refresh Tokens
Spring Security - Access is denied (user is not anonymous) spring-security-core-4.0.3.RELEASE
How to save secret key securely in android
Is encrypting AJAX calls for authentication possible with jQuery?
Two realms in same application with Spring Security?
How to do cross-domain authentication securely?
How can I stop my installer from triggering Windows 10's "This app has been blocked for your protection" error?
Anti XSS and Classic ASP
Always return a 404 when you decide to return a 403
Node Security service shutdown: getaddrinfo ENOTFOUND api.nodesecurity.io
What for are the commonly used PKCS-Standards: PKCS#7, PKCS#10 and PKCS#12?
How does Java strings being immutable increase security?
Where to store database credentials in a web app?
Image Uploading - security issues
keytool - see the public and private keys
Best way for a Spring MVC web app to detect a brute force attack?
How to validate the origin of a web service invokation
strcmp vs. == vs. === in PHP for checking hash equality
Determine if Touch ID-Protected Keychain Item Exists?
Interactive command prompt as NETWORK SERVICE

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!