1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[MUST READ] Top 25 Most Dangerous Software Errors 2011

Discussion in 'General Programming Chat' started by Subsonic, Jul 7, 2011.

  1. Subsonic

    Subsonic Regular Member

    Joined:
    Mar 17, 2011
    Messages:
    367
    Likes Received:
    333
    Location:
    DNS root zone database
    Hey guys! I just saw this and it sure is very important for all the developers out there. For example many of you might deal with SQL so it's good to know that SQL injection is currently considered the biggest security issue in software.

    http://cwe.mitre.org/top25/?2011

    Quote from the site:

    Pick a small number of weaknesses to work with first, and see the Detailed CWE Descriptions for more information on the weakness, which includes code examples and specific mitigations.

    Let's make our software more secure so we or our clients won't get into big problems! ;)
     
    • Thanks Thanks x 1
  2. Ceg3xow

    Ceg3xow Newbie

    Joined:
    Jul 6, 2011
    Messages:
    18
    Likes Received:
    1
    Cool, reading it
     
  3. wowhaxor

    wowhaxor Executive VIP Premium Member

    Joined:
    Apr 28, 2007
    Messages:
    2,021
    Likes Received:
    3,353
    Location:
    ?¿?
    Home Page:
    SQL injection has been a problem for quite a while. The biggest issue is people need know nothing, there's basically point and click apps out there to do it for them.
     
  4. Subsonic

    Subsonic Regular Member

    Joined:
    Mar 17, 2011
    Messages:
    367
    Likes Received:
    333
    Location:
    DNS root zone database
    Yes it is old, but the sad fact is that people still don't know about it or don't care about it..! Just like Cross-site scripting, classic buffer overflow etc.
     
  5. kaherrt

    kaherrt Registered Member

    Joined:
    Jun 16, 2011
    Messages:
    68
    Likes Received:
    9
    Location:
    In Your M!nd
    wtf guys ?! sql injection have nothing to do with software/applications . its just for php scripts webscripts not software, if you are developing a software you have to be sure that its not exploitable to BUFFER OVER FLOW exploits.
     
  6. Subsonic

    Subsonic Regular Member

    Joined:
    Mar 17, 2011
    Messages:
    367
    Likes Received:
    333
    Location:
    DNS root zone database
    You're wrong, do your research. For example, if you have a website which allows users to upload photos and share them it's called a web application. Web applications can be developed with ASP.Net, PHP or even javascript (bundled with HTML of course). Wikipedia article about SQL Injection starts like this:

    I think that you need to read a little bit more because you seem not to know what a web application is:

    http://en.wikipedia.org/wiki/Web_application
    http://webtrends.about.com/od/webapplications/a/web_application.htm

    Good luck with learning the basics of teh internetz :D
     
  7. kaherrt

    kaherrt Registered Member

    Joined:
    Jun 16, 2011
    Messages:
    68
    Likes Received:
    9
    Location:
    In Your M!nd
    rly ? r u trying to act smart or smthn like that ?! in fact i am pentester ! and what you are saying that a SOFTWARE ( DESKTOP APPLICATION ) could be vulnerable to sql injection lolwut !? this is completely wrong , SQL injection would affect MSSQL & MYSQL DATABASES and not any kind of database !

    it seems that you r the guy who have to learn the basics of teh internetz :D

    ya and BTW, dnt argue with something you just read wiki article on it bcz there is too much behind wiki infoz !
     
  8. Subsonic

    Subsonic Regular Member

    Joined:
    Mar 17, 2011
    Messages:
    367
    Likes Received:
    333
    Location:
    DNS root zone database
    Again, I'm not wrong when I talk about software. Web applications can be called software as well. Even though you don't like it too much I'm going to quote Wikipedia again:

    Web pages and desktop applications are two different things but they both belong to software category in general. I also think that those guys who did that research know what they are talking about. If they say that SQL injection is a common danger in software development then it is.

    Edit: I know that most people consider software strictly as desktop application but by definition it's more than that :)
     
    Last edited: Jul 13, 2011
  9. kaherrt

    kaherrt Registered Member

    Joined:
    Jun 16, 2011
    Messages:
    68
    Likes Received:
    9
    Location:
    In Your M!nd
    in a very clear sentence

    Sql injection comes from MSSQL & MYSQL database, so if the database have wrong queries it will cause an sql injection

    so how could it be if a software coded with c++ or c # etc. will be vulnerable to sql injection ?! think abt it
     
  10. RMX

    RMX Power Member

    Joined:
    Nov 16, 2009
    Messages:
    726
    Likes Received:
    389
    Occupation:
    Network Security Admin
    Location:
    London, UK
    Home Page:
    Sorry, mate, but I don't know what kind of penetration tests do you perform, if you don't know what web applications are.. I'm a security expert with more than 15 years of experience, and all that stuff IS in fact called web applications, and any database that works hand in hand with web application, is part of it.
     
    • Thanks Thanks x 1
  11. Subsonic

    Subsonic Regular Member

    Joined:
    Mar 17, 2011
    Messages:
    367
    Likes Received:
    333
    Location:
    DNS root zone database
    Of course desktop application are not vulnerable. The whole point was that web applications are vulnerable (and web applications are one type of software).
     
  12. ShiftySituation

    ShiftySituation Power Member

    Joined:
    Apr 15, 2010
    Messages:
    621
    Likes Received:
    314
    Occupation:
    Having fun
    Location:
    Jacksonville, FL
    I make Windows software all of the time that uses a web server MySQL database for authentication, cloud saving, etc...

    I do see where you are coming from, if an Windows application uses some form of database to save the the information locally, there is no need to inject anything to get direct access to that database because it is "local" and you can just open it and edit it how ever you like.

    Databases on the cloud are protected by a web server and can only be accessed, server-side. With that being said, any query you will ever do to that database is pre-programmed by the developer and ran with PHP or ASP which are "server-side" languages, meaning they run on the web server and can't be ran from anywhere else to achieve the same results. How they are injected is, when a user fills out a form on a website they use escape strings in one of the text box fields to break out the SQL query and then type their own query. Now when that info is sent to the server, the ASP or PHP script should check for and escape special characters like ;"( ) by using a \ which in both PHP and ASP it can be achieved easily but programmers are in such a hurry to get a working prototype, they forget to go back and fix their poor programming ways.

    To conclude, a Windows program CAN'T be subject to SQL injection but the cloud that it accesses can, because that cloud is going to run pre-programmed queries using a PHP or ASP back end. Any website that accepts GET or POST variables and uses those variables to gather info or save info in a database are subject to SQL injection.
     
    • Thanks Thanks x 1
  13. heartdragon

    heartdragon Registered Member

    Joined:
    May 4, 2011
    Messages:
    72
    Likes Received:
    6
    Thanks for this
     
  14. Baybo.it

    Baybo.it Registered Member

    Joined:
    Aug 9, 2011
    Messages:
    72
    Likes Received:
    39
    Occupation:
    Founder of Baybo.it
    Location:
    San Francisco
    Home Page:
    A desktop application certainly can be vulnerable to sql injection if the software has an input field which allows data to be processed over sql without sanitization. It really doesn't matter if the application is a web app or a desktop application. What matters is that the user has the ability to enter input and that there is a way for the input to be processed by some sql like db backend without it first being cleaned.