The Most Dangerous Software Errors Have Been Identified
The American not-for-profit research organization MITRE has published its 2019 report on the “Top 25 Most Dangerous Software Errors”. In the report, MITRE placed buffer flaws and cross-site scripting at the top of the list.
The CWE list of top 25 most dangerous software errors is a useful reference for software developers and cybersecurity professionals when writing software and designing security solutions.
The number 1 spot on the list is buffer flaws. A buffer flaw is a software mistake that allows code to read from or write to memory locations that are beyond the buffer's intended limits. CVE-2019-1212 was a buffer flaw that was patched by Microsoft on August 13th, 2019. It affected a wide range of operating systems including Windows Server 2019, Windows 7 and Windows 10.
Cross site scripting
The second most dangerous software error on the list is cross-site scripting. This occurs when a web application unintentionally allows unauthorized data to enter it. Cross-site scripting is most dangerous when paired with a type of cyberattack called a watering-hole attack, which exploits cross-site scripting as an intermediate step toward the ultimate goal of infecting users’ personal computers.
What can you do against these dangers?
MITRE released the following recommendations to mitigate the risk of buffer flaws when writing code:
- When managing an application’s memory, make sure that the buffer is the same size as the size you specified when allocating it.
- If you are using the buffer in a loop, make sure that you are not using more than the allocated space.
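The two recommendations above, as an added example that is not taken from MITRE's report or from this page: the buffer's capacity is recorded together with its allocation, and the copy loop is guarded by a check against that capacity. The `struct buf` type and all function names are hypothetical, and the input is constructed.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper type: capacity is stored next to the allocation. */
struct buf {
    unsigned char *data;
    size_t cap;  /* bytes allocated */
    size_t len;  /* bytes in use, always <= cap */
};

/* Returns 0 on success, -1 if the allocation fails. */
int buf_init(struct buf *b, size_t cap)
{
    b->data = malloc(cap);
    b->cap = b->data ? cap : 0;
    b->len = 0;
    return b->data ? 0 : -1;
}

/* Unsafe pattern, for contrast only (never called): the loop trusts the
 * caller's count n and ignores how much of the allocation is left. */
void append_unchecked(struct buf *dst, const unsigned char *src, size_t n)
{
    for (size_t i = 0; i < n; i++)
        dst->data[dst->len++] = src[i];  /* writes past cap if n is too big */
}

/* Checked form: reject the whole append if it would exceed the allocation.
 * The test is a subtraction so the comparison itself cannot wrap around. */
int append_checked(struct buf *dst, const unsigned char *src, size_t n)
{
    if (n > dst->cap - dst->len)
        return -1;                       /* nothing is written */
    for (size_t i = 0; i < n; i++)
        dst->data[dst->len++] = src[i];
    return 0;
}

int main(void)
{
    const unsigned char msg[] = "0123456789";  /* constructed sample input */
    struct buf b;
    if (buf_init(&b, 8) != 0) return 1;
    int fits = append_checked(&b, msg, 6);     /* 6 of 8 bytes used */
    int over = append_checked(&b, msg, 6);     /* would need 12 bytes */
    printf("fits=%d over=%d len=%zu\n", fits, over, b.len);
    free(b.data);
    return 0;
}
```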
For cross-site scripting, MITRE notes that using a third-party firewall can reduce the risk of being infected. This matters because situations where the vulnerability cannot be fixed immediately are common.