AppSec Blog: Tag - Top25

Top 25 Series - Summary and Links

As requested, here are the links to all the posts on the Top 25 Most Dangerous Programming Errors. Please let us know if you have any suggestions or comments. 1 - Cross-Site Scripting (XSS) 2 - SQL Injection 3 - Classic Buffer Overflow 4 - Cross-Site Request Forgery (CSRF) 5 - Improper Access Control (Authorization) … Continue reading Top 25 Series - Summary and Links


Top 25 Series - Rank 20 - Download of Code Without Integrity Check

Checking the integrity of code you download is important and has to be done not just for the initial download, but for updates as well. We will discuss the options to implement integrity checks correctly. Continue reading Top 25 Series - Rank 20 - Download of Code Without Integrity Check
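The check the post is about, written out as an added example that is not code from the blog or from any real updater: the publisher signs a manifest of file digests with an Ed25519 key, the client pins the public key and runs the same verification for the first download and for every update. The manifest format, the file names and the file contents are constructed for this example; the key pair is generated on the spot purely so the code runs offline (a real client ships only the public key).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"sort"
	"strings"
)

// Manifest describes one release: a version and the expected SHA-256 of every file (hypothetical format).
type Manifest struct {
	Version string
	Files   map[string]string // path -> lowercase hex SHA-256
}

// Encode returns the canonical bytes that get signed; sorting the paths makes
// publisher and client serialise the map identically.
func (m Manifest) Encode() []byte {
	paths := make([]string, 0, len(m.Files))
	for p := range m.Files {
		paths = append(paths, p)
	}
	sort.Strings(paths)
	var b strings.Builder
	fmt.Fprintf(&b, "version %s\n", m.Version)
	for _, p := range paths {
		fmt.Fprintf(&b, "%s  %s\n", m.Files[p], p)
	}
	return []byte(b.String())
}

func HashFiles(files map[string][]byte) map[string]string {
	out := make(map[string]string, len(files))
	for p, data := range files {
		sum := sha256.Sum256(data)
		out[p] = hex.EncodeToString(sum[:])
	}
	return out
}

// VerifyRelease is the client-side check, identical for first install and updates:
// the manifest signature must verify under the pinned publisher key, and every
// delivered file must match the digest the signed manifest lists. A bare hash
// fetched over the same channel as the download proves nothing; the signature
// is what ties the digests to the publisher.
func VerifyRelease(pub ed25519.PublicKey, m Manifest, sig []byte, files map[string][]byte) error {
	if !ed25519.Verify(pub, m.Encode(), sig) {
		return errors.New("manifest signature invalid")
	}
	if len(files) != len(m.Files) {
		return errors.New("delivered file set does not match manifest")
	}
	for path, want := range m.Files {
		data, ok := files[path]
		if !ok {
			return fmt.Errorf("manifest lists %s but it was not delivered", path)
		}
		sum := sha256.Sum256(data)
		got := hex.EncodeToString(sum[:])
		if subtle.ConstantTimeCompare([]byte(got), []byte(want)) != 1 {
			return fmt.Errorf("digest mismatch for %s", path)
		}
	}
	return nil
}

// RunScenario runs the check on constructed sample files: a genuine release, the
// same release with one file altered in transit, and an "update" signed by an attacker.
func RunScenario() (genuineOK, tamperedRejected, wrongKeyRejected bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // only pub ships in the client
	if err != nil {
		panic(err)
	}
	files := map[string][]byte{
		"bin/app":      []byte("constructed sample binary 1.0.1"),
		"etc/app.json": []byte(`{"update_url":"https://example.invalid/"}`),
	}
	m := Manifest{Version: "1.0.1", Files: HashFiles(files)}
	sig := ed25519.Sign(priv, m.Encode())
	genuineOK = VerifyRelease(pub, m, sig, files) == nil
	tampered := map[string][]byte{"bin/app": []byte("backdoored binary"), "etc/app.json": files["etc/app.json"]}
	tamperedRejected = VerifyRelease(pub, m, sig, tampered) != nil
	// The attacker can write a manifest matching the tampered files, but can
	// only sign it with a key the client does not trust.
	_, attackerPriv, _ := ed25519.GenerateKey(rand.Reader)
	m2 := Manifest{Version: "1.0.2", Files: HashFiles(tampered)}
	wrongKeyRejected = VerifyRelease(pub, m2, ed25519.Sign(attackerPriv, m2.Encode()), tampered) != nil
	return
}

func main() {
	a, b, c := RunScenario()
	fmt.Printf("genuine accepted: %v, tampered rejected: %v, wrong key rejected: %v\n", a, b, c)
}
```

Two things the example deliberately does not do: it does not trust a digest that arrives next to the download without a signature, and it does not accept a manifest signed by any key other than the one pinned in the client, which is what turns a cryptographic hash into an integrity check against an attacker rather than against line noise.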


Top 25 Series - Rank 25 - Race Conditions

Flying a lot, it happens once in a while that I arrive at the airport early enough to be offered check-in on an earlier flight. Usually the check-in kiosk offers the option and lists the flight. Last year, I tried to take advantage of this offer, only to be told that the flight … Continue reading Top 25 Series - Rank 25 - Race Conditions


Top 25 Series - Rank 24 - Use of a Broken or Risky Cryptographic Algorithm

There are a few rules every developer should follow when applying encryption:
- don't invent your own algorithm
Cryptography is a difficult topic, best left to the experts. Implementing encryption algorithms is difficult and there are many traps waiting. Many times, you can get away with a broken custom algorithm, but only because nobody challenges … Continue reading Top 25 Series - Rank 24 - Use of a Broken or Risky Cryptographic Algorithm
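What "nobody challenges it" looks like once somebody does, as an added example that is not from the blog post: a homebrew repeating-key XOR cipher next to AES-256-GCM from Go's standard library. One known plaintext (a predictable protocol header) is enough to recover the homebrew key and read every other message sent under it, while the vetted AEAD round-trips and rejects a single flipped bit. The key, header and messages are constructed for this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// HomebrewEncrypt is the kind of invented algorithm the post warns against:
// XOR the message with a repeating key. Decryption is the same operation.
func HomebrewEncrypt(key, msg []byte) []byte {
	out := make([]byte, len(msg))
	for i := range msg {
		out[i] = msg[i] ^ key[i%len(key)]
	}
	return out
}

// RecoverKey is the attack: one known plaintext/ciphertext pair of at least
// keyLen bytes yields the whole key, and with it every other message.
func RecoverKey(known, ct []byte, keyLen int) []byte {
	key := make([]byte, keyLen)
	for i := range key {
		key[i] = known[i] ^ ct[i]
	}
	return key
}

// SealAESGCM is the vetted alternative: AES-256-GCM, which also authenticates
// the ciphertext. A fresh random 96-bit nonce is prepended per message; that
// is fine for modest message counts, but billions of messages under one key
// call for a counter nonce or key rotation.
func SealAESGCM(key, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, msg, nil), nil
}

// OpenAESGCM splits off the nonce and decrypts; any change to nonce,
// ciphertext or tag makes Open fail instead of returning garbage.
func OpenAESGCM(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return aead.Open(nil, sealed[:aead.NonceSize()], sealed[aead.NonceSize():], nil)
}

// Demo runs both schemes on constructed sample data: was the homebrew key
// recovered, does AES-GCM round-trip, and is a one-bit change detected?
func Demo() (homebrewBroken, gcmRoundTrip, gcmTamperDetected bool) {
	key := []byte("s3cret-k3y!!") // 12-byte key for the homebrew scheme
	known := []byte("GET /login HTTP/1.1\r\nHost: example.invalid\r\n") // predictable header
	secret := []byte("user=alice&password=hunter2")                  // the message the attacker wants
	ct1 := HomebrewEncrypt(key, known)
	ct2 := HomebrewEncrypt(key, secret)
	recovered := RecoverKey(known, ct1, len(key))
	homebrewBroken = bytes.Equal(HomebrewEncrypt(recovered, ct2), secret)

	aesKey := make([]byte, 32)
	if _, err := rand.Read(aesKey); err != nil {
		panic(err)
	}
	sealed, err := SealAESGCM(aesKey, secret)
	if err != nil {
		panic(err)
	}
	opened, err := OpenAESGCM(aesKey, sealed)
	gcmRoundTrip = err == nil && bytes.Equal(opened, secret)
	sealed[len(sealed)-1] ^= 0x01 // flip one bit of the authentication tag
	_, err = OpenAESGCM(aesKey, sealed)
	gcmTamperDetected = err != nil
	return
}

func main() {
	fmt.Println(Demo())
}
```

The homebrew scheme also gives the attacker silent malleability (flip a ciphertext bit, flip the same plaintext bit), which is exactly what the authentication tag in GCM rules out.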


Top 25 Series - Rank 23 - Open Redirect

Open redirect (CWE-601) makes phishing attacks more effective. Redirection is commonly used in web applications for various purposes. From the login page, it is common practice to redirect the user to another page once the user logs in. Sometimes the user goes directly to a content page and is redirected to … Continue reading Top 25 Series - Rank 23 - Open Redirect
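The post-login redirect described above, as an added example that is not the blog's code: a handler that sends the user wherever the `next` parameter says (the CWE-601 pattern), beside a hardened version that only accepts site-local paths and falls back to a fixed page otherwise. The parameter name, the fallback path and the sample targets are assumptions for this example; the inputs are driven through `httptest` so the two `Location` headers can be compared offline.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// VulnerableRedirect is the CWE-601 pattern: the post-login destination comes
// straight from the request, so ?next=https://evil.example sends the freshly
// authenticated user wherever the phishing mail pointed.
func VulnerableRedirect(w http.ResponseWriter, r *http.Request) {
	http.Redirect(w, r, r.URL.Query().Get("next"), http.StatusFound)
}

// SafeTarget accepts only absolute paths on this site. Everything a browser
// could interpret as another origin is refused.
func SafeTarget(next string) (string, error) {
	// Browsers strip tabs and newlines before parsing, so "/\t/evil.example"
	// becomes "//evil.example"; reject control characters outright.
	for _, c := range next {
		if c < 0x20 || c == 0x7f {
			return "", errors.New("control character in redirect target")
		}
	}
	// Exactly one leading slash: "//host" is protocol-relative, and browsers
	// normalise "/\host" to "//host".
	if !strings.HasPrefix(next, "/") || strings.HasPrefix(next, "//") || strings.HasPrefix(next, "/\\") {
		return "", errors.New("redirect target is not a site-local path")
	}
	u, err := url.Parse(next)
	if err != nil {
		return "", err
	}
	if u.Scheme != "" || u.Host != "" || u.User != nil {
		return "", errors.New("redirect target carries a scheme, host or userinfo")
	}
	return next, nil
}

// RedirectTargetFor is what the hardened handler uses: the validated target,
// or a fixed fallback (assumed here to be /account) when validation fails.
func RedirectTargetFor(next string) string {
	t, err := SafeTarget(next)
	if err != nil {
		return "/account"
	}
	return t
}

func HardenedRedirect(w http.ResponseWriter, r *http.Request) {
	http.Redirect(w, r, RedirectTargetFor(r.URL.Query().Get("next")), http.StatusFound)
}

// LocationFor drives a handler with a constructed request and returns the
// Location header it emits.
func LocationFor(h http.HandlerFunc, next string) string {
	req := httptest.NewRequest("GET", "/login?next="+url.QueryEscape(next), nil)
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Header().Get("Location")
}

func main() {
	for _, next := range []string{"/account/settings", "https://evil.example/login", "//evil.example", "/\\evil.example"} {
		fmt.Printf("%-28q vulnerable -> %-30q hardened -> %q\n",
			next, LocationFor(VulnerableRedirect, next), LocationFor(HardenedRedirect, next))
	}
}
```

If the application genuinely needs to redirect to other hosts, the right shape is an allowlist of exact hostnames compared after parsing, not a substring or prefix match on the raw string, since `https://example.com.evil.example` and `https://evil.example/?x=example.com` both contain the trusted name.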