Thursday, February 18, 2010

Top 25 Most Dangerous Programming Errors

Came across this nice article.

Rank  Score  ID       Name
[1]   346    CWE-79   Failure to Preserve Web Page Structure ('Cross-site Scripting')
[2]   330    CWE-89   Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')
[3]   273    CWE-120  Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
[4]   261    CWE-352  Cross-Site Request Forgery (CSRF)
[5]   219    CWE-285  Improper Access Control (Authorization)
[6]   202    CWE-807  Reliance on Untrusted Inputs in a Security Decision
[7]   197    CWE-22   Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
[8]   194    CWE-434  Unrestricted Upload of File with Dangerous Type
[9]   188    CWE-78   Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection')
[10]  188    CWE-311  Missing Encryption of Sensitive Data
[11]  176    CWE-798  Use of Hard-coded Credentials
[12]  158    CWE-805  Buffer Access with Incorrect Length Value
[13]  157    CWE-98   Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')
[14]  156    CWE-129  Improper Validation of Array Index
[15]  155    CWE-754  Improper Check for Unusual or Exceptional Conditions
[16]  154    CWE-209  Information Exposure Through an Error Message
[17]  154    CWE-190  Integer Overflow or Wraparound
[18]  153    CWE-131  Incorrect Calculation of Buffer Size
[19]  147    CWE-306  Missing Authentication for Critical Function
[20]  146    CWE-494  Download of Code Without Integrity Check
[21]  145    CWE-732  Incorrect Permission Assignment for Critical Resource
[22]  145    CWE-770  Allocation of Resources Without Limits or Throttling
[23]  142    CWE-601  URL Redirection to Untrusted Site ('Open Redirect')
[24]  141    CWE-327  Use of a Broken or Risky Cryptographic Algorithm
[25]  138    CWE-362  Race Condition

Full article is found here

Monday, November 30, 2009

Riding the tech wave part 1

Yes, the seas are rough, and from time to time there are those huge trend waves. You need a good boat with the right equipment, and on top of that you need to train the sailor within you.

Let us share our experience riding this wave. First I will talk about the boat and the equipment. Yes I know you have already chosen your boat. Let it be proprietary technologies like Microsoft or open source technologies like PHP, Apache, etc. For those who are still at the shores trying to figure out which boat to choose, read on and you will get some directions to choose your boat.

Since I am familiar with web development using Microsoft technologies, I will brief you on the equipment available for you to choose. Whichever technology you use, your first and most reliable source of information is your technology provider. They know what happens under the hood and are willing to help you solve your problems, because if a technology is hard to use then it is safe to assume that the technology is not here to stay for a long period of time.

So if you start with the design aspect of the web application there are some great sites.

This is a great site which helps you to decide on color scheme of the site. And then there is this flexible template.
There are few other great sites like
I will continue this in another blog post.

Sunday, August 23, 2009

Augmented Reality

Have you ever thought that reality is less informative? OK, let me give a simple example to give you a clear idea of what I am talking about here. Back in the days when we watched cricket matches, people had concerns when they saw an umpire give a “Leg before Wicket” decision. A couple of years back, television broadcasters displayed a strip from the bowler’s end to the batsman’s end. This gave viewers a clear idea of where the ball pitched. Get it?

Now you might think this is a simple idea, what’s so special about it? Take a moment to think about the many applications of Augmented Reality.

Here are some examples





Some applications

So why is this so important? The more information (accurate, real time) there is, the more accurate the decision will become. Augmented Reality is the perfect candidate for this.
Web 2.0 and SaaS have their own unique applications, but AR is aggressively entering their territories, at least on mobile devices.

Don’t let your eyes and ears deceive you!!

Saturday, July 25, 2009

Hello World!

Hi all, welcome to my tech blog. First let me give you some background info. This is Eranga. I graduated from the University of Colombo and am now working at Central Finance PLC as a Developer.

I will be blogging on technology related topics. Will try my best to share my thoughts and experience with you. So visit regularly.

kthx
Eranga