SANS 25 – Software Errors

Insecure Interaction between Components

• 89 – Improper neutralization of SQL [SQL Injection]
• 78 – OS Command Injection
• 79 – XSS
• 434 – Unrestricted file uploads
• 352 – CSRF
• 601 – Open redirect [URL redirects to un-trusted site]

Risky Resource Management

• 120 – Buffer Overflow
• 22 – Path Traversal
• 494 – Download of code without integrity check
• 829 – Untrusted functionality inclusion
• 676 – Using potentially dangerous functions.
• 131 – incorrect calculation of buffer size.
• 134 – Uncontrolled format string
• 190 – integer overflow or wrap around

Porous Defenses

• 306 – missing authentication of critical function
• 862 – missing authorization
• 798 – using hard-coded passwords
• 311 – missing encryption
• 807 – untrusted input
• 250 – unnecessary privileges
• 863 – incorrect authorization
• 732 – incorrect permission assignment for critical resources
• 327 – Using broken / Risky cryptographic algorithm
• 307 – unrestricted authentication attempts
• 759 – using one way hash without SALT.

 

Social Engineering

• Taking advantage of human nature
• being needy or authorative
• USB Disk dropping
• Written Skills
• Phishing emails
• Targeted Attacks
• Calling the victims to catch them off-guarded
• name dropping technique

Social Engineering – Starting with the Flicks

At last I got some time for for my most beloved yet highly neglected blog. But I am gonna make it habit to pen down every night on this little world of mine.

So when I thought of resuming writing the first chord that hit me was Social Engineering. I know there are biggies who are constantly writing a post or two on this most powerful weapon but every person has his/her special gimmicks. Nope I am not gonna share those in the first post itself, let the wait be worth.

I would like to start with the flicks which amazingly portrayed Social Engineering Tantrums. The whole point behind giving a movie list in the beginning is simple just to cast a spell of this amazing Art of Deception. Watch them in any order but my favorites go like this.

• Catch Me If You Can
• Matchstick Men
• Sneakers
• The Usual Suspects
• Dirty Rotten Scoundrels
• Six Degrees of Separation
• Take down
• Now you see me
• Focus

Although Take Down is just one side of the coin but its a good flick, however if you really want to know what happened in the entire operation go and read The Art of Deception by none other than the man himself Kevin Mitnick.

A shorter version on what part I liked the most in these movies will be forthcoming in the update of this post.

Till then, Viva La Security & have a Security Perspective !!