AppSec Blog: Daily Archives: Mar 25, 2010

Top 25 Series - Rank 24 - Use of a Broken or Risky Cryptographic Algorithm

There are a few rules every developer should follow when applying encryption:

- Don't invent your own algorithm. Cryptography is a difficult topic, best left to the experts. Implementing encryption algorithms is difficult and there are many traps waiting. Many times, you can get away with a broken custom algorithm, but only because nobody challenges …


Top 25 Series - Rank 23 - Open Redirect

Open redirect (CWE-601) allows phishing attacks to be more effective. Redirection is commonly used within all web applications for various purposes. From the login page, it is a common practice to redirect the user to another page once the user logs in. Sometimes the user goes directly to a content page and is redirected to …