AppSec Blog: Author - Jason Lam

Top 25 Series - Rank 18 - Incorrect Calculation of Buffer Size

Incorrect Calculation of Buffer Size (CWE-131) is another shameful member of the buffer overflow family. A buffer overflow is generally caused by copying or moving a piece of data to a smaller memory location, overwriting important data in memory and corrupting the execution path of the computer. The most basic case of buffer …


Top 25 Series - Rank 14 - Improper Validation of Array Index

Improper Validation of Array Index (CWE-129) is a flaw related to improper use of user input. Most programming languages support array structures. Objects within the array can be indexed by a numeric value, such as [0], which points to the first object in the array, or [5], which points to the 6th object in …


Top 25 Series - Rank 12 - Buffer Access with Incorrect Length Value

Buffer Access with Incorrect Length Value (CWE-805) is closely related to classic buffer overflow (CWE-120). Classic buffer overflow is caused by copying a buffer without checking its length. Buffer Access with Incorrect Length occurs when the length is taken into consideration but the length actually defined is not sufficient. The end result of this vulnerability is a buffer overflow. …


Top 25 Series - Rank 4 - Cross Site Request Forgery

Cross Site Request Forgery (CWE-352) is one of the more common vulnerabilities in existence today. Although it is relatively common, not all instances of the vulnerability provide sufficient incentive for an attacker to exploit it. The vulnerability is based on the fact that the web application assumes any request by the user is a legitimate …


Top 25 Series - Rank 3 - Classic Buffer Overflow

Classic buffer overflow (CWE-120) is a huge problem in programming; we have all seen the damage that can be done by buffer overflows. Numerous worms leveraged this vulnerability in the early 2000s. Starting from the Morris worm early on and extending to Code Red and SQL Slammer, they are all proof that …