Introduction
The 2011 CWE/SANS Top 25 Most Dangerous Software Errors is a list of the most widespread and critical errors that can lead to serious vulnerabilities in software. They are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.
This guide provides a quick overview about Intershop's approaches to avoid such vulnerabilities.
References
- Guide - OWASP Top Ten Project 2013
- Concept - Cross-Site Request Forgery Guard
- Cookbook - Cross-Site Request Forgery Guard
Style Guides
- Guide - EDL Modeling Style Guide
- Guide - REST Style Guide
- Guide - Pipelet Style Guide
- Guide - Pipeline Style Guide
- Guide - ISML Template Style Guide
- Guide - Java Source Code Style Guide
- Guide - JavaScript Developer Guideline
SANS Top 25
| Rank | Score | ID | Name | Intershop's solution |
|---|---|---|---|---|
| 1 | 93.8 | CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | To avoid SQL injection vulnerability, only prepared statements with parameter binding are used. See also Guide - OWASP Top Ten Project 2013. |
| 2 | 83.3 | CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Intershop does not execute any OS commands. |
| 3 | 79.0 | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | Intershop is Java-based and buffer overflows cannot happen. |
| 4 | 77.7 | CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Intershop uses ISML encoding (<isprint> tag or
stringToHTML() function). Additional encoding handlers can be registered and used for custom encoding requirements. |
| 5 | 76.9 | CWE-306 | Missing Authentication for Critical Function | Every critical function is available for authenticated users only. |
| 6 | 76.8 | CWE-862 | Missing Authorization | Intershop uses role and permission based authorization. Permissions are checked automatically for every function in the prefix-pipeline. |
| 7 | 75.0 | CWE-798 | Use of Hard-coded Credentials | There are no hard-coded credentials used in Intershop. |
| 8 | 75.0 | CWE-311 | Missing Encryption of Sensitive Data | Intershop's encryption library uses standard encryption algorithms and implementations. All sensitive data can be encrypted. |
| 9 | 74.0 | CWE-434 | Unrestricted Upload of File with Dangerous Type | There is no file upload possibility in the storefront.Upload of files in the management application is only possible for authorized users. File validation for import files is implemented. Additional checks can be added as customization. |
| 10 | 73.8 | CWE-807 | Reliance on Untrusted Inputs in a Security Decision | Does not happen in the standard product. Ensured by code reviews. |
| 11 | 73.1 | CWE-250 | Execution with Unnecessary Privileges | The application servers and web servers use their own users with their own permissions. |
| 12 | 70.1 | CWE-352 | Cross-Site Request Forgery (CSRF) | See Concept - Cross-Site Request Forgery Guard and Cookbook - Cross-Site Request Forgery Guard. |
| 13 | 69.3 | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Checks in the prefix-pipeline and special pipelets that validate paths. |
| 14 | 68.5 | CWE-494 | Download of Code Without Integrity Check | Intershop never downloads source codes. Downloads of binary software artifacts happens through a secure channel. |
| 15 | 67.8 | CWE-863 | Incorrect Authorization | Intershop has standard ACL permission checks for every functionality (pipelines). Additionally pipelines have a visibility property, so that internal pipelines cannot be called externally. |
| 16 | 66.0 | CWE-829 | Inclusion of Functionality from Untrusted Control Sphere | 3rd party libraries are selected carefully and are regularly checked to security vulnerabilities (e.g., VersionEye). |
| 17 | 65.5 | CWE-732 | Incorrect Permission Assignment for Critical Resource | Intershop has standard ACL permission checks for every functionality (pipelines). Roles can be assigned in Intershop Studio. |
| 18 | 64.6 | CWE-676 | Use of Potentially Dangerous Function | Does only affect C and C++, Intershop is Java-based. |
| 19 | 64.1 | CWE-327 | Use of a Broken or Risky Cryptographic Algorithm | Intershop's encryption library uses standard encryption algorithms and implementations. Algorithms are configurable. |
| 20 | 62.4 | CWE-131 | Incorrect Calculation of Buffer Size | Does only affect C and C++, Intershop is Java based. |
| 21 | 61.5 | CWE-307 | Improper Restriction of Excessive Authentication Attempts | Intershop has a mechanism that counts failed login attempts and disables the account for a certain period. Additionally captchas are supported. |
| 22 | 61.1 | CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') | The prefix-pipeline checks ensure that redirect targets cannot come from parameters. |
| 23 | 61.0 | CWE-134 | Uncontrolled Format String | Does not apply to Java. |
| 24 | 60.3 | CWE-190 | Integer Overflow or Wraparound | Intershop uses code reviews and static code analysis. |
| 25 | 59.9 | CWE-759 | Use of a One-Way Hash without a Salt | Intershop uses PBKDF2 with large random "Salt" values for unique password hashes. |