Top 10 Vulnerabilities in Web Applications

sverrehu writes "The Open Web Application Security Project (OWASP) has released a well-written document that is a must read for every web programmer out there. This security document is not about firewalls, encryption and patching. It's about common, highly exploitable errors made by the application programmers. Pick up your copy of "The Ten Most Critical Web Application Security Vulnerabilities" from the OWASP web site."

The only safe web server...

[Inflatable+Hippo]

The only safe web server is an un-installed web server.

Vulnerability #11

[Znonymous+Coward]

Microsoft .NET and IIS.

Re:Vulnerability #11

[The+Bungi]

It's funny because Microsoft = bad!
P.S. They also like money!!

Welcome to Slashdot. A few pointers:

• When referring to The Evil Empire, please use '$' instead of 's'. This holds true even if your currency symbol happens to be different as we are USA centric here.
• When using operator overloading to make a point, please use C syntax, as C is the language of the 1337 h^x0r. The statement above is assigning bad to Micro[$]oft instead of testing for equality. Thus, the syntax should be Micro[$]oft == bad!. In most cases, syntactical errors like these will get you tagged as a BASIC programmer, which is a Bad Thing (TM)
• When using more than one exclamation sign at the end of a sentence related to Micro[$]oft, please use the normative money!!1! syntax by inserting a gratuitous 1 (one) character.

Other than that, please feel free to explore the site. Check out the journal features and keep that karma ticker open at all times.

Thanks!

Did you read that press release??!!??

[mcmonkey]

"I like my web servers just like my women...insecure and full of holes waiting to be exploited." --Bill G.

Re:Summary

Ya, but it's missing...

11. Using .NET

#11

Misconfigured Users

Wait just a minute!

[Jonboy+X]

So, you're telling me that I *shouldn't* write web apps with remote exploits, buffer overflows and generally crappy security?!?!? Well color me flabbergasted!

Vulnerability #12

[RollingThunder]

Having information potentially of interest to Slashdot.

Buffy Overflows? Fuel Injection Flaws?

[burgburgburg]

Time for new glasses.

Though I would like to see Buffy overflow every now and then.

And of course, the obvious ....

[Greedo]

11. Getting Slashdotted

Missing

A11 Link on Slashdot

In spite of many alarming examples, the danger associated with having a link to your web site posted on the Slashdot front page continues to be underestimated by many developers of web applications. Neglect of this threat can cause your web server to actually burn through the floor of your computer building in a manner similar to nuclear meltdown.

Buffy

New show on Fox: Buffer the overflow slayer.

wow.

[edrugtrader]

so if i don't check user input, that is bad? glad i spent 10 minutes on company time getting my learn on. i'll be sure to pass this on to all of the other developers.

Re:11) Commonly used passwords

[igottheloot]

yeah, but god is spelled 'gahd', as in sysgahd. don't you know anything about the male ego? i mean gahd damn.

Re:My top 10 list

[CaffeineAddict2001]

You forgot:

11. Buffer Overfloooooooooooooooooooooooooooooooooooooooooooo oooooooooooooooooooooooooooooooooooooooooooooooooo oooooooooooooooooooooooooooooooooooooooooooooooooo oooooooooooooooooooooooooooooooooooooooooooooooooo oooooooooooooooooooooooooooooooooooooooooooooooooo oooooooooows\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x 2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x31\xd2\xb0 \x0b\xcd\x80

root#

Vulnerability number 0

[uberstool]

Being /.'d