AppSec Blog

Top 25 Series - Rank 22 - Allocation of Resources Without Limits or Throttling

A number of years ago I was conducting a black box test of a fairly large web application. As part of this testing I used an automated script to send malicious inputs to a number of forms on the site in question. I sent a lot of requests. Turned out that, under the covers, the … Continue reading Top 25 Series - Rank 22 - Allocation of Resources Without Limits or Throttling


Top 25 Series - Rank 18 - Incorrect Calculation of Buffer Size

Incorrect Calculation of Buffer Size (CWE-131) is another shameful member of the buffer overflow family. A buffer overflow is generally caused by copying or moving a piece of data into a memory location that is too small to hold it, overwriting adjacent data in memory and corrupting the program's execution path. The most basic case of buffer … Continue reading Top 25 Series - Rank 18 - Incorrect Calculation of Buffer Size


Top 25 Series - Rank 17 - Integer Overflow Or Wraparound

The author discusses integers, wraparound, and how random numbers may turn out to be very much non-random if you don't know how to read the manual. Continue reading Top 25 Series - Rank 17 - Integer Overflow Or Wraparound
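The two size mistakes these posts name (a buffer sized one byte or one unit too small, CWE-131, and a wraparound in the multiplication that produces the size, CWE-190) in one runnable C example. This is an added illustration, not code from either post: the helper names (checked_mul_size, checked_add_size, dup_array, dup_cstring, wraparound_demo) and the sample inputs are assumptions made here for the demonstration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The unchecked product most allocation sites use: malloc(count * elem_size).
   On a 64-bit target (2^63 + 1) * 4 wraps to 4, so malloc() hands back a
   4-byte buffer for what the caller believes is a huge array (CWE-190
   turning into CWE-131). */
size_t naive_mul_size(size_t count, size_t elem_size)
{
    return count * elem_size;
}

/* Overflow-checked multiplication: false if count * elem_size does not fit. */
bool checked_mul_size(size_t count, size_t elem_size, size_t *out)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return false;
    *out = count * elem_size;
    return true;
}

/* Overflow-checked addition, for the "+1 for the terminator" case. */
bool checked_add_size(size_t a, size_t b, size_t *out)
{
    if (a > SIZE_MAX - b)
        return false;
    *out = a + b;
    return true;
}

/* Correct array copy: bytes = count * elem_size, checked.  The CWE-131 bugs
   this avoids are malloc(count) (units: elements, not bytes) and
   malloc(count * elem_size) with an unchecked product.  Returns NULL on wrap
   instead of allocating too little. */
void *dup_array(const void *src, size_t count, size_t elem_size)
{
    size_t bytes;
    if (!checked_mul_size(count, elem_size, &bytes))
        return NULL;
    void *dst = malloc(bytes == 0 ? 1 : bytes);
    if (dst == NULL)
        return NULL;
    memcpy(dst, src, bytes);
    return dst;
}

/* Correct string copy: strlen() + 1.  The classic off-by-one is
   malloc(strlen(s)) followed by strcpy(), which writes the NUL one byte
   past the end of the allocation. */
char *dup_cstring(const char *s)
{
    size_t bytes;
    if (!checked_add_size(strlen(s), 1, &bytes))
        return NULL;
    char *dst = malloc(bytes);
    if (dst == NULL)
        return NULL;
    memcpy(dst, s, bytes);           /* bytes includes the terminating NUL */
    return dst;
}

/* Returns 1 when the naive product wraps to a small value while the checked
   version rejects it: the situation an attacker-controlled count creates. */
int wraparound_demo(void)
{
    size_t huge = SIZE_MAX / 2 + 2;  /* 2^63 + 1 on 64-bit, 2^31 + 1 on 32-bit */
    size_t checked = 0;
    bool ok = checked_mul_size(huge, 4, &checked);
    return naive_mul_size(huge, 4) == 4 && !ok;
}

int main(void)
{
    /* Constructed sample input: four ints and a short string. */
    int nums[4] = {1, 2, 3, 4};
    int *copy = dup_array(nums, 4, sizeof nums[0]);
    char *str = dup_cstring("hello");

    printf("naive product wraps, checked one refuses: %d\n", wraparound_demo());
    printf("copy[3]=%d str=\"%s\"\n", copy ? copy[3] : -1, str ? str : "(null)");
    printf("huge request refused: %s\n",
           dup_array(nums, SIZE_MAX / 2 + 2, 4) == NULL ? "yes" : "no");
    free(copy);
    free(str);
    return 0;
}
```

The check in checked_mul_size compares against SIZE_MAX / elem_size before multiplying, so it never relies on the wrapped result; the same pattern applies to any length arithmetic fed by untrusted input (a packet's element count, a file header's record size) before it reaches malloc(), memcpy() or a loop bound.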


Top 25 Series - Rank 16 - Information Exposure Through an Error Message

Error messages can leak everything from full path names to passwords. A user should never be exposed to them, unless you expect them to fix the problem for you. Continue reading Top 25 Series - Rank 16 - Information Exposure Through an Error Message


Top 25 Series - Rank 15 - Improper Check for Unusual or Exceptional Conditions

CWE-754 occurs when "software does not check or improperly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software." [1] Take the following snippet of Java code as an example: private static final int ROLE_ADMIN = 0; private static final int ROLE_USER = 1; … Continue reading Top 25 Series - Rank 15 - Improper Check for Unusual or Exceptional Conditions