Posted in 面试题 onAugust 22, 2014
From wikipedia
Memory safety violations, such as:
Buffer overflows
Dangling pointers
Input validation errors, such as:
Format string bugs
Improperly handling shell metacharacters so they are interpreted
SQL injection
Code injection
E-mail injection
Directory traversal
Cross-site scripting in web applications
HTTP header injection
HTTP response splitting
Race conditions, such as:
Time-of-check-to-time-of-use bugs
Symlink races
Privilege-confusion bugs, such as:
Cross-site request forgery in web applications
Clickjacking
FTP bounce attack
Privilege escalation
User interface failures, such as:
Warning fatigue [2] or user conditioning [3]
Blaming the Victim Prompting a user to make a security decision without giving the user enough information to answer it [4]
Race Conditions [5]
Memory safety violations, such as:
Buffer overflows
Dangling pointers
Input validation errors, such as:
Format string bugs
Improperly handling shell metacharacters so they are interpreted
SQL injection
Code injection
E-mail injection
Directory traversal
Cross-site scripting in web applications
HTTP header injection
HTTP response splitting
Race conditions, such as:
Time-of-check-to-time-of-use bugs
Symlink races
Privilege-confusion bugs, such as:
Cross-site request forgery in web applications
Clickjacking
FTP bounce attack
Privilege escalation
User interface failures, such as:
Warning fatigue [2] or user conditioning [3]
Blaming the Victim Prompting a user to make a security decision without giving the user enough information to answer it [4]
Race Conditions [5]
软件缺陷的分类都有哪些
声明:登载此文出于传递更多信息之目的,并不意味着赞同其观点或证实其描述。
Tags in this post...
Reply on: @reply_date@
@reply_contents@