Some programming mistakes lead to serious security issues (vulnerabilities). These programming errors are very important to deal with because they cost companies a lot in terms of money and customer confidence in the product. Some of these may:
-> threaten the confidentiality of private information
-> threaten the integrity of data and operations
-> threaten to disrupt availability of critical systems
-> escalate the privileges of unauthorized users
1. Check for integer overflow.
While calculating a Fibonacci series or a factorial, the next value may exceed the maximum integer value, so make sure to check for the overflow condition before performing the operation.
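As an added example (not code from the original post), here is how the factorial and Fibonacci computations mentioned above can be written so that the overflow is detected before it happens rather than silently wrapping. The helper names (mul_u64_checked, add_u64_checked, factorial_checked, fibonacci_checked) are my own; the checks are the standard portable ones (compare against UINT64_MAX / a and UINT64_MAX - b) and need no compiler builtins.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Checked multiply: returns false and leaves *out untouched if a*b would
   exceed UINT64_MAX. The test is done before the multiplication so no
   wrapped value is ever produced. */
static bool mul_u64_checked(uint64_t a, uint64_t b, uint64_t *out)
{
    if (a != 0 && b > UINT64_MAX / a)
        return false;
    *out = a * b;
    return true;
}

/* Checked add: returns false if a+b would exceed UINT64_MAX. */
static bool add_u64_checked(uint64_t a, uint64_t b, uint64_t *out)
{
    if (a > UINT64_MAX - b)
        return false;
    *out = a + b;
    return true;
}

/* n! into *out. Returns false (and stops) as soon as the next step would
   overflow, instead of continuing with a corrupted accumulator. */
bool factorial_checked(unsigned n, uint64_t *out)
{
    uint64_t acc = 1;
    for (unsigned i = 2; i <= n; i++) {
        if (!mul_u64_checked(acc, i, &acc))
            return false;
    }
    *out = acc;
    return true;
}

/* fib(n) with fib(0)=0, fib(1)=1 into *out. Only fib(n) itself is ever
   computed, so fib(93) (the largest that fits in 64 bits) still succeeds. */
bool fibonacci_checked(unsigned n, uint64_t *out)
{
    if (n == 0) {
        *out = 0;
        return true;
    }
    uint64_t a = 0, b = 1;
    for (unsigned i = 1; i < n; i++) {
        uint64_t next;
        if (!add_u64_checked(a, b, &next))
            return false;
        a = b;
        b = next;
    }
    *out = b;
    return true;
}

int main(void)
{
    uint64_t v;
    for (unsigned n = 18; n <= 22; n++) {
        if (factorial_checked(n, &v))
            printf("%u! = %llu\n", n, (unsigned long long)v);
        else
            printf("%u! overflows uint64_t, refusing to continue\n", n);
    }
    return 0;
}
```

Returning a status instead of a wrapped number forces the caller to handle the overflow case; 20! is the last factorial that fits in an unsigned 64-bit value, and fib(93) the last Fibonacci number.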
2. Create temporary files with mkstemp(3C) or mkdtemp(3C).
The most common programming mistake is creating a temporary file with a well-known or predictable name like tmp.$$ or tmp.pid. If a malicious user predicts this temp file pattern, he can create the file in advance and try to manipulate it with his own data or cause an application crash.
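As an added example (my own code, not from the original post), the following shows the safe way to create temporary files and directories with mkstemp(3) and mkdtemp(3): the name is random, and the file is created and opened atomically with O_EXCL and mode 0600, so a pre-created file or symlink at a guessed name is never reused. The wrapper names open_private_tempfile, tempfile_is_private and make_private_tempdir are assumptions of this example; the extra fstat() check after mkstemp is a belt-and-braces verification of what mkstemp already guarantees on POSIX systems.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/stat.h>

/* Creates a private temp file from a caller-supplied template ending in
   "XXXXXX" (the template buffer is rewritten with the real name).
   Returns an open file descriptor owned by the caller, or -1 on failure.
   Contrast with the predictable "tmp.<pid>" pattern, which lets anyone who
   can guess the name plant a file there first. */
int open_private_tempfile(char *tmpl)
{
    size_t n = strlen(tmpl);
    if (n < 6 || strcmp(tmpl + n - 6, "XXXXXX") != 0)
        return -1;                     /* mkstemp requires the trailing XXXXXX */

    int fd = mkstemp(tmpl);            /* O_CREAT|O_EXCL|O_RDWR, mode 0600, random name */
    if (fd < 0)
        return -1;

    /* Verify what we opened is a plain file we own with a single link.
       mkstemp already guarantees this; the check documents the intent and
       catches a broken libc or filesystem. */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_nlink != 1 || st.st_uid != geteuid()) {
        close(fd);
        unlink(tmpl);
        return -1;
    }
    return fd;
}

/* Returns 1 if the file open on fd is a regular file readable/writable only
   by its owner (mode 0600), else 0. */
int tempfile_is_private(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0)
        return 0;
    return S_ISREG(st.st_mode) && (st.st_mode & 0777) == 0600;
}

/* Creates a private directory (mode 0700) from a template ending in XXXXXX.
   Returns 0 on success, -1 on failure; tmpl then holds the real name. */
int make_private_tempdir(char *tmpl)
{
    return mkdtemp(tmpl) != NULL ? 0 : -1;
}

int main(void)
{
    char path[] = "/tmp/example.XXXXXX";  /* constructed template; must be writable */
    int fd = open_private_tempfile(path);
    if (fd < 0) {
        perror("open_private_tempfile");
        return 1;
    }
    printf("created %s (private: %d)\n", path, tempfile_is_private(fd));
    close(fd);
    unlink(path);
    return 0;
}
```

Keep the descriptor returned by mkstemp and use it for all I/O; reopening the file by name later reintroduces the race the function was meant to avoid.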
3. Buffer overflow issues with string operations.
People recommend the strn* family of functions for string operations. The strncpy() function is preferable to strcpy() because it accepts a boundary for the buffer that can be checked against. However, it is still vulnerable to certain attacks if used improperly:
a. passing NULL for src or dest causes an exception
b. the 'count' size parameter is often incorrectly passed in
c. the result is not guaranteed to be a null-terminated string upon exit
Make sure the buffer and bounds are the proper size to hold the source string plus a NULL character.
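As an added example (not from the original post), the block below shows problem (c) concretely, a strncpy() call with the full buffer size that leaves the destination unterminated when the source is too long, next to a small wrapper that handles all three points: it rejects NULL arguments, takes the destination capacity as its bound, always writes the terminator, and reports truncation instead of hiding it. The names safe_strcpy, naive_copy, is_nul_terminated and the copy_status enum are my own, and the 10-byte input is constructed for the demonstration.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

enum copy_status { COPY_OK = 0, COPY_TRUNCATED = 1, COPY_BADARG = 2 };

/* Returns 1 if buf[0..n) contains a NUL byte, else 0. */
int is_nul_terminated(const char *buf, size_t n)
{
    return memchr(buf, '\0', n) != NULL;
}

/* The naive pattern from point (c): bounding by the full buffer size stops
   the overflow, but when src is n bytes or longer every byte of buf is a
   source character and no terminator is written. Any later strlen() or
   printf("%s") on buf then reads past its end. */
void naive_copy(char *buf, size_t n, const char *src)
{
    strncpy(buf, src, n);
}

/* Copies src into dst (capacity dst_size bytes). dst is always NUL-terminated
   when the call succeeds; a source that does not fit is cut to dst_size-1
   characters and COPY_TRUNCATED is returned so the caller can react. */
enum copy_status safe_strcpy(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return COPY_BADARG;               /* (a): never dereference NULL */
    /* (b): the bound is the destination capacity, not strlen(src) and not
       sizeof(a pointer); reserve one byte for the terminator. */
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';             /* (c): guarantee termination */
    return strlen(src) >= dst_size ? COPY_TRUNCATED : COPY_OK;
}

int main(void)
{
    char buf[8];
    const char *src = "ABCDEFGHIJ";      /* constructed 10-char input, too long for buf */

    naive_copy(buf, sizeof buf, src);
    printf("naive copy terminated? %d\n", is_nul_terminated(buf, sizeof buf));

    enum copy_status st = safe_strcpy(buf, sizeof buf, src);
    printf("safe copy -> \"%s\" status=%d\n", buf, st);
    return 0;
}
```

The truncation status matters: a silently shortened path or username is a correctness bug of its own, so the caller should treat COPY_TRUNCATED as an error unless cutting the input is intended.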
4. Improper input validation.
5. Web application security: for more information about application security, especially Web applications, see the Open Web Application Security Project (OWASP) at http://www.owasp.org.