Pantek Library

FW: Top Ten Web App Sec Problems

From: Keith T. Morgan <keith.morgan(at)terradon.com>
Date: Mon Dec 02 2002 - 11:37:48 EST


Here's what our lead web app developer had to say about it.

-----Original Message-----
From: Jeff Samples
Sent: Monday, December 02, 2002 11:13 AM
To: Keith T. Morgan
Subject: RE: Top Ten Web App Sec Problems

  1. SQL Injection via Forms & URL parameters
  2. File Traversal "../" in file uploads
  3. Leaving "Execute" Permissions on folders where uploaded files go
  4. Unhandled errors revealing details about databases & source code
  5. Failure to treat ALL submitted content as malicious, thus leading to numbers 1 & 2 (Input validation)
  6. Unchecked control structures (Do/While looping for example)
  7. Data type validation within code
  8. Using non-expiring cookies for login authentication
  9. Inappropriate user account permissions, one example would be using a domain account to run a site and connect to a database.
  10. Using column names such as "LoginID", "Username", "Password" to store authentication information in the database.
Received on Mon Dec 2 15:29:32 2002
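Items 1, 2 and 5 of the list above (SQL injection through form and URL values, "../" traversal in upload file names, and treating every submitted value as hostile) are easiest to see with the unsafe and the hardened code side by side. The following is an added example, not code from the original message or from its authors; the `users` table, the `UPLOAD_ROOT` location and the sample values are constructed for illustration, and the in-memory SQLite database stands in for whatever database the site uses.

```python
import os
import sqlite3

# Constructed sample data: one user row in an in-memory SQLite database.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'hash-of-alice-pw')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password_hash):
    """Item 1: the submitted values are pasted into the SQL text, so a quote
    character in the form field changes the structure of the query."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
           "' AND password_hash = '" + password_hash + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn, username, password_hash):
    """Hardened form: a parameterised query. The driver sends the values
    separately from the SQL text, so they can never become SQL syntax."""
    row = conn.execute(
        "SELECT COUNT(*) FROM users WHERE username = ? AND password_hash = ?",
        (username, password_hash),
    ).fetchone()
    return row[0] > 0


# Assumed upload directory for the traversal check below.
UPLOAD_ROOT = "/var/www/uploads"


def upload_target(filename):
    """Item 2: return the absolute path an upload may be written to, or None
    if the submitted name is anything other than a bare file name inside
    UPLOAD_ROOT. The submitted value is treated as hostile (item 5)."""
    # Reject empty names, "." / "..", and any directory separator outright.
    if filename in ("", ".", "..") or "/" in filename or "\\" in filename:
        return None
    root = os.path.realpath(UPLOAD_ROOT)
    target = os.path.realpath(os.path.join(root, filename))
    # Belt and braces: confirm the resolved path is still under the root.
    if os.path.commonpath([root, target]) != root:
        return None
    return target


if __name__ == "__main__":
    db = make_db()
    hostile_user = "alice' OR '1'='1"
    print("vulnerable login with hostile username:",
          login_vulnerable(db, hostile_user, "wrong"))   # True (bypassed)
    print("parameterised login with hostile username:",
          login_safe(db, hostile_user, "wrong"))         # False
    print("upload 'report.pdf' ->", upload_target("report.pdf"))
    print("upload '../../etc/passwd' ->", upload_target("../../etc/passwd"))
```

The two login functions take the same arguments and differ only in how the query is built; the parameterised one is the fix for item 1 and needs no escaping logic of its own. For item 2, rejecting separators up front is what makes the check simple, and the `realpath`/`commonpath` comparison catches anything the first test missed.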

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:45 EDT

