
Checklist for Web Site Programming Vulnerabilities

Watching SO come online has been quite an education for me. I'd like to make a checklist of various vulnerabilities and exploits used against web sites, and what programming techniques can be used to defend against them.

  • What categories of vulnerabilities?
    • crashing site
    • breaking into server
    • breaking into other people's logins
    • spam
    • sockpuppeting, meatpuppeting
    • etc...
  • What kind of defensive programming techniques?
  • etc...
Mark Harrison asked Aug 26 '08 19:08


1 Answer

From the Open Web Application Security Project:

  1. The OWASP Top Ten vulnerabilities (pdf)
  2. For a more painfully exhaustive list: Category:Vulnerability

The top ten are:

  1. Cross-site scripting (XSS)
  2. Injection flaws (SQL injection, script injection)
  3. Malicious file execution
  4. Insecure direct object reference
  5. Cross-site request forgery (XSRF)
  6. Information leakage and improper error handling
  7. Broken authentication and session management
  8. Insecure cryptographic storage
  9. Insecure communications
  10. Failure to restrict URL access
Charles Miller answered Sep 30 '22 01:09