Software Testing Forum

Views: 3772 | Replies: 4

[English Resources] Top 25 common programming bugs every tester should know

Posted on 2009-3-24 14:59:00
Just a quick note to share a useful resource with you. I just came across a good article on 25 common programming errors for software programmers and software testers. Basically this is more useful for programmers, but I think software testers can get insight into how developers can unknowingly leave bugs in software programs.
Each bug listed in this resource can lead to serious software vulnerabilities if not fixed. The top 25 security bugs list will help programmers avoid some common but serious coding mistakes. For software testers, the list will be useful as a security testing checklist for Internet as well as for testing desktop applications.

Here are a few of the top security vulnerabilities discussed in detail in this article:
  • Improper input validation
  • Improper escaping of output or encoding
  • SQL injection
  • Cross-site scripting
  • Race conditions
  • Information leak in error messages
  • Error while transmitting sensitive information
  • Memory leak
  • External control of critical data and file paths
  • Improper initialization
  • Improper authorization
  • Client side security checks
I think the most common security vulnerability mistake developers make is “Client side enforcement of server side security”.
Check out the article below so that you can at least help developers improve their code standards.

Posted on 2009-3-27 10:26:16
Not bad, thanks for sharing
Posted on 2009-10-27 15:30:30
Very good, thanks for sharing
Posted on 2009-10-28 14:48:50
Both programmers and testers should take care.
Posted on 2010-9-15 16:46:41
Thanks for sharing
