Watching SO come online has been quite an education for me. I'd like to make a checklist of various vunerabilities and exploits used against web sites, and what programming techniques can be used to defend against them.

  • What categories of vunerabilities?
  • What kind of defensive programming techniques?
  • etc...
Question author Mark-harrison | Source



From the Open Web Application Security Project:

  1. The OWASP Top Ten vulnerabilities (pdf)
  2. For a more painfully exhaustive list: Category:Vulnerability

The top ten are:

  1. Cross-site scripting (XSS)
  2. Injection flaws (SQL injection, script injection)
  3. Malicious file execution
  4. Insecure direct object reference
  5. Cross-site request forgery (XSRF)
  6. Information leakage and improper error handling
  7. Broken authentication and session management
  8. Insecure cryptographic storage
  9. Insecure communications
  10. Failure to restrict URL access
Answer author Charles-miller

Ask about this question here!