What are the categories of software defects (security vulnerabilities)?
From Wikipedia
Memory safety violations, such as:
    Buffer overflows
    Dangling pointers
Input validation errors, such as:
    Format string bugs
    Improperly handling shell metacharacters so they are interpreted by the shell
    SQL injection
    Code injection
    E-mail injection
    Directory traversal
    Cross-site scripting in web applications
    HTTP header injection
    HTTP response splitting
Race conditions, such as:
    Time-of-check-to-time-of-use bugs
    Symlink races
Privilege-confusion bugs, such as:
    Cross-site request forgery in web applications
    Clickjacking
    FTP bounce attack
    Privilege escalation
User interface failures, such as:
    Warning fatigue or user conditioning
    Blaming the victim: prompting a user to make a security decision without giving the user enough information to answer it
    Race conditions