/ Archive by category 'mob'

Archive for the ‘mob’ Category

2009 CWE/SANS Top 25 Most Dangerous Programming Errors

Monday, January 12th, 2009

This is a handy list to have.  This is the top 25 most dangerous programming errors relating to the web and keeping websites (and user data) safe. Be sure when you are building and using frameworks that you do test or expect these types of behaviors.

The Top 25 is organized into three high-level categories that contain multiple CWE entries.

Insecure Interaction Between Components

These weaknesses are related to insecure ways in which data is sent and received between separate components, modules, programs, processes, threads, or systems.

  • CWE-20: Improper Input Validation
  • CWE-116: Improper Encoding or Escaping of Output
  • CWE-89: Failure to Preserve SQL Query Structure (aka ‘SQL Injection’)
  • CWE-79: Failure to Preserve Web Page Structure (aka ‘Cross-site Scripting’)
  • CWE-78: Failure to Preserve OS Command Structure (aka ‘OS Command Injection’)
  • CWE-319: Cleartext Transmission of Sensitive Information
  • CWE-352: Cross-Site Request Forgery (CSRF)
  • CWE-362: Race Condition
  • CWE-209: Error Message Information Leak

Risky Resource Management

The weaknesses in this category are related to ways in which software does not properly manage the creation, usage, transfer, or destruction of important system resources.

  • CWE-119: Failure to Constrain Operations within the Bounds of a Memory Buffer
  • CWE-642: External Control of Critical State Data
  • CWE-73: External Control of File Name or Path
  • CWE-426: Untrusted Search Path
  • CWE-94: Failure to Control Generation of Code (aka ‘Code Injection’)
  • CWE-494: Download of Code Without Integrity Check
  • CWE-404: Improper Resource Shutdown or Release
  • CWE-665: Improper Initialization
  • CWE-682: Incorrect Calculation

Porous Defenses

The weaknesses in this category are related to defensive techniques that are often misused, abused, or just plain ignored.

  • CWE-285: Improper Access Control (Authorization)
  • CWE-327: Use of a Broken or Risky Cryptographic Algorithm
  • CWE-259: Hard-Coded Password
  • CWE-732: Insecure Permission Assignment for Critical Resource
  • CWE-330: Use of Insufficiently Random Values
  • CWE-250: Execution with Unnecessary Privileges
  • CWE-602: Client-Side Enforcement of Server-Side Security

Tags: , , , ,
Posted in mob, philosophy, programming, standards, technology | No Comments »

REST Pattern

Monday, June 30th, 2008

UNIVERSITY OF CALIFORNIA, IRVINE

Architectural Styles and
the Design of Network-based Software Architectures

DISSERTATION

submitted in partial satisfaction of the requirements for the degree of

DOCTOR OF PHILOSOPHY

in Information and Computer Science

by

Roy Thomas Fielding

2000

Dissertation Committee:
Professor Richard N. Taylor, Chair
Professor Mark S. Ackerman
Professor David S. Rosenblum

PDF Editions

1-column for viewing online
2-column for printing

Table of Contents

Dedication
Acknowledgments
Curriculum Vitae
Abstract of the Dissertation
Introduction
CHAPTER 1: Software Architecture
1.1 Run-time Abstraction
1.2 Elements
1.3 Configurations
1.4 Properties
1.5 Styles
1.6 Patterns and Pattern Languages
1.7 Views
1.8 Related Work
1.9 Summary
CHAPTER 2: Network-based Application Architectures
2.1 Scope
2.2 Evaluating the Design of Application Architectures
2.3 Architectural Properties of Key Interest
2.4 Summary
CHAPTER 3: Network-based Architectural Styles
3.1 Classification Methodology
3.2 Data-flow Styles
3.3 Replication Styles
3.4 Hierarchical Styles
3.5 Mobile Code Styles
3.6 Peer-to-Peer Styles
3.7 Limitations
3.8 Related Work
3.9 Summary
CHAPTER 4: Designing the Web Architecture: Problems and Insights
4.1 WWW Application Domain Requirements
4.2 Problem
4.3 Approach
4.4 Summary
CHAPTER 5: Representational State Transfer (REST)
5.1 Deriving REST
5.2 REST Architectural Elements
5.3 REST Architectural Views
5.4 Related Work
5.5 Summary
CHAPTER 6: Experience and Evaluation
6.1 Standardizing the Web
6.2 REST Applied to URI
6.3 REST Applied to HTTP
6.4 Technology Transfer
6.5 Architectural Lessons
6.6 Summary
Conclusions
References

List of Figures

Figure 5-1. Null Style
Figure 5-2. Client-Server
Figure 5-3. Client-Stateless-Server
Figure 5-4. Client-Cache-Stateless-Server
Figure 5-5. Early WWW Architecture Diagram
Figure 5-6. Uniform-Client-Cache-Stateless-Server
Figure 5-7. Uniform-Layered-Client-Cache-Stateless-Server
Figure 5-8. REST
Figure 5-9. REST Derivation by Style Constraints
Figure 5-10. Process View of a REST-based Architecture

List of Tables

Table 3-1. Evaluation of Data-flow Styles for Network-based Hypermedia
Table 3-2. Evaluation of Replication Styles for Network-based Hypermedia
Table 3-3. Evaluation of Hierarchical Styles for Network-based Hypermedia
Table 3-4. Evaluation of Mobile Code Styles for Network-based Hypermedia
Table 3-5. Evaluation of Peer-to-Peer Styles for Network-based Hypermedia
Table 3-6. Evaluation Summary
Table 5-1. REST Data Elements
Table 5-2. REST Connectors
Table 5-3. REST Components
[] © Roy Thomas Fielding, 2000. All rights reserved. [How to reference this work.]

Tags: , , , , , , ,
Posted in baseplane, generation, mob, open, philosophy, programming, services, standards, technology | No Comments »

Your Ad Here
Your Ad Here

baseplane – technology platforms is proudly powered by WordPress
Entries (RSS) and Comments (RSS).

Unless othewise specified the content in this site is licensed under a Creative Commons License
Your Ad Here Your Ad Here Your Ad Here Your Ad Here