I got an interesting paper in my email today entitled The 12 Most Common Application Level Hack Attacks? written by Watchfire Corporation. Most development probably know about most of these, but it was nice to see them collected in one place. In a nut shell, these are:
- Cookie Poisoning
- Hidden Field Manipulation
- Parameter Tampering
- Buffer Overflow
- Cross-Site Scripting
- Backdoor and Debug Options
- Forecful Browsing
- HTTP Response Splitting
- Stealth Commanding
- 3rd Party Misconfiguration
- Known Vulnerabilities
- XML & Web Services Vulnerabilities
The white paper also goes into some advice on how to code defensively and avoid these issues, namely:
- Never trust any information that comes from the client, and never assume anything about it
- It is always easier to secure simple login than complex logic
Although a bit basic, it makes interesting reading. Read the whole? white paper? here.
Riccardo Giuntoli on November 26th, 2007
1
Nice list, but these are almost only for web application. Only buffer overflow can be refer to other than webapp.
Best Regards, Riccardo Giuntoli.
Owen on November 27th, 2007
2
@Riccardo: Agreed, the list was really designed for web applications. Sorry about not being clear. I’ve been working with web apps for so long now, that I have a blinkered view of the world !