Code Vulnerability Categories

From Guidance Share

Contents 1 Authentication, Authorization, and Trust 2 Cryptography and Secrets 3 Environmental Problems 4 Input Validation 5 Language Feature Misuse 6 Logic Errors 7 Memory 8 Range 9 Synchronization and Timing 10 Type

Authentication, Authorization, and Trust

• Comparing Classes by Name
• Failure to Drop Privileges When Reasonable
• Failure to Check Whether Privileges Were Dropped
• Reflection Attack in an Authentication Protocol
• Capture-Replay
• Trusting Self Reported IP Address
• Trusting Self Reported DNS Name
• Using Referrer Field for Authentication
• Using Single-factor Authentication
• Use of Hard-coded Password
• Weak Password Systems
• Not Allowing Password Aging

Cryptography and Secrets

• Non-cryptographic PRNG
• Insufficient Entropy in PRNG
• Failure of TRNG
• Failure to Follow Chain of Trust in Certificate Validation
• Key Exchange Without Entity Authentication
• Failure to Validate Host-Specific Certificate Data
• Failure to Validate Certificate Expiration
• Failure to Check for Certificate Revocation
• Failure to Encrypt Data
• Failure to Add Integrity Check Value
• Failure to Check Integrity Check Value
• Use of Hard Coded Cryptographic Key
• Storing Passwords in a Recoverable Format
• Using a Broken or Risky Cryptographic Algorithm
• Reusing a Nonce, Key Pair in Encryption
• Using a Key Past its Expiration Date
• Not Using a Random IV with CBC Mode

Environmental Problems

Input Validation

• Cross-site Scripting
• Command Injection
• SQL Injection
• Deserialization of Untrusted Data

Language Feature Misuse

• Failure to Protect Class Data with Accessors

Logic Errors

• Covert Storage Channel
• Invoking Untrusted Mobile Code
• Info Disclosure Through Error Messages
• Info Disclosure Through Data Queries
• Ignored Function Return Value
• Missing Parameter
• Uninitialized Variable
• Deletion of Data-structure Sentinel
• Use of sizeof() on a Pointer Type
• Unintentional Pointer Scaling
• Improper Pointer Subtraction
• Assigning Instead of Comparing
• Comparing Instead of Assigning
• Incorrect Block Delimitation
• Omitted Break Statement
• Improper Cleanup on Thrown Exception
• Uncaught Exception
• Improper Error Handling
• Improper Temp File Opening
• Guessed or Visible Temporary File
• Failure to Deallocate Memory
• Failure to Account for Default Case in Switch

Memory

• Null Pointer Dereference
• Using Freed Memory
• Doubly Freeing Memory

Range

• Buffer Overflow
• Stack Overflow
• Heap Overflow
• Buffer Underwrite
• Integer Overflow
• Unchecked Array Indexing
• Miscalculated Null Termination
• Improper String Length Checking

Synchronization and Timing

• Covert Timing Channel
• Race Condition in Time of Check, Time of Use
• Race Condition in Thread
• Race Condition in Switch
• Race Condition in Signal Handler
• Race Condition in Checking for Certificate Revocation
• Unsafe Function Call from Signal Handler
• Passing Mutable Objects to an Untrusted Method
• Returning Mutable Object to an Untrusted Method

Type

• Format String
• Truncation
• Sign Conversion