Software Insecurity: Risky Resource Management


The weaknesses in this category are related to ways in which software does not properly manage the creation, usage, transfer, or destruction of important system resources.

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-494: Download of Code Without Integrity Check

CWE-829: Inclusion of Functionality from Untrusted Control Sphere

CWE-676: Use of Potentially Dangerous Function

CWE-131: Incorrect Calculation of Buffer Size

CWE-134: Uncontrolled Format String

CWE-190: Integer Overflow or Wraparound

Reference: http://www.sans.org/top25-software-errors/#cat1