Blog

Hard-Coded-Cred-KrishnaG-CEO

2024 CWE Top 25 Most Dangerous Software Weaknesses: Use of Hard-coded Credentials (CWE-798)

Hard-coded credentials refer to embedding authentication information such as usernames, passwords, API keys, or cryptographic keys directly into the source code. Developers might do this for convenience, testing, or quick deployment. However, these credentials often remain in production, creating vulnerabilities.

NULL-Pointer_Dereference-KrishnaG-CEO

Understanding CWE-476: NULL Pointer Dereference

In software development, a NULL pointer is a pointer variable that does not reference any valid memory location. Dereferencing such a pointer—attempting to access the memory it supposedly points to—results in undefined behaviour. In many systems, this leads to crashes, data corruption, or even exploitable vulnerabilities.

Buffer-Overflow-Vulnerabilities-KrishnaG-CEO

2024 CWE Top 25 Most Dangerous Software Weaknesses: Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119)

CWE-119 pertains to scenarios where software operations exceed the allocated memory buffer’s boundaries, leading to buffer overflows. This flaw can result in various adverse consequences, including data corruption, application crashes, and security vulnerabilities exploitable by attackers. A buffer overflow occurs when data written to a memory buffer exceeds its storage capacity, potentially overwriting adjacent memory locations.

Correct-Auth-KrishnaG-CEO

Ensuring Trust Through Correct Authorisation: A Comprehensive Examination of CWE-863

CWE-863: Incorrect Authorisation occurs when an application fails to enforce correct authorisation measures, allowing unauthorised users or processes to access resources, perform operations, or retrieve data that should be off-limits. It is sometimes conflated with authentication flaws, but the essence of CWE-863 lies in improper or missing checks that would otherwise confirm if a user has the necessary permissions to perform a specific action.
From a technical standpoint, one might imagine an application employing robust identity verification (authentication) only to overlook critical checks about what a user is allowed to do once logged in (authorisation). This oversight can be the gateway to data leaks, privilege escalation, or even sabotage of core business processes.