Top 10 Vulnerabilities in Web Applications
sverrehu writes "The Open Web Application Security Project (OWASP) has released a well-written document that is a must read for every web programmer out there. This security document is not about firewalls, encryption and patching. It's about common, highly exploitable errors made by the application programmers. Pick up your copy of "The Ten Most Critical Web Application Security Vulnerabilities" from the OWASP web site."
"I like my web servers just like my women...insecure and full of holes waiting to be exploited." --Bill G.
Misconfigured Users
So, you're telling me that I *shouldn't* write web apps with remote exploits, buffer overflows and generally crappy security?!?!? Well color me flabbergasted!
"In a 32-bit world, you're a 2-bit user. You've got your own newsgroup, alt.total.loser." -Weird Al
Having information potentially of interest to Slashdot.
Though I would like to see Buffy overflow every now and then.
11. Getting Slashdotted
Tuus crepidae innexilis sunt.
A11 Link on Slashdot
In spite of many alarming examples, the danger associated with having a link to your web site posted on the Slashdot front page continues to be underestimated by many developers of web applications. Neglect of this threat can cause your web server to actually burn through the floor of your computer building in a manner similar to nuclear meltdown.
yeah, but god is spelled 'gahd', as in sysgahd. don't you know anything about the male ego? i mean gahd damn.
You forgot:
o oooooooooooooooooooooooooooooooooooooooooooooooooo oooooooooooooooooooooooooooooooooooooooooooooooooo oooooooooooooooooooooooooooooooooooooooooooooooooo oooooooooooooooooooooooooooooooooooooooooooooooooo oooooooooows\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x 2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x31\xd2\xb0 \x0b\xcd\x80
11. Buffer Overflooooooooooooooooooooooooooooooooooooooooooo
root#
P.S. They also like money!!
Welcome to Slashdot. A few pointers:
- When referring to The Evil Empire, please use '$' instead of 's'. This holds true even if your currency symbol happens to be different as we are USA centric here.
- When using operator overloading to make a point, please use C syntax, as C is the language of the 1337 h^x0r. The statement above is assigning bad to Micro[$]oft instead of testing for equality. Thus, the syntax should be Micro[$]oft == bad!. In most cases, syntactical errors like these will get you tagged as a BASIC programmer, which is a Bad Thing (TM)
- When using more than one exclamation sign at the end of a sentence related to Micro[$]oft, please use the normative money!!1! syntax by inserting a gratuitous 1 (one) character.
Other than that, please feel free to explore the site. Check out the journal features and keep that karma ticker open at all times. Thanks!
Being /.'d