CWE Flashcards

Type Checking (§6.12)

Process of verifying the compatibility of data types in a programming language. It ensures that operations are performed on appropriate data types, preventing type errors and ensuring program correctness. Type checking can be done statically (during compilation) or dynamically (during runtime).

Strong Typing (§6.13)

A programming language feature that enforces strict type checking, ensuring that variables and expressions are used in a consistent and compatible manner. It helps catch type-related errors at compile-time, reducing the risk of runtime errors. Strong typing promotes code reliability and readability by providing clear and explicit data type requirements.

Type Equivalence (§6.14)

Determines if two types are considered identical based on their structure, name, and compatibility. It ensures that variables of different types cannot be assigned to each other.

Arithmetic Expressions (§7.2)

Mathematical expressions that consist of numbers, operators (+, -, *, /), and parentheses. They are used to perform calculations in programming languages and follow specific rules of precedence.

Overloaded operators (§7.3)

Overloaded operators are special functions in C++ that allow operators to be used with user-defined data types. They enable custom behavior for operators like +, -, *, /, etc., when applied to objects of a class. This allows for more intuitive and flexible programming, as operators can be used with user-defined types just like with built-in types.

Relational and Boolean Expressions (§7.4)

Relational expressions compare two values and return true or false. They use operators like ==, !=, <, >, <=, and >=. Boolean expressions combine relational expressions using logical operators like && (and), || (or), and ! (not). They evaluate to true or false.

Type Conversions (§7.5)

Process of converting one data type to another in a programming language. Can be implicit or explicit. Implicit conversion occurs automatically, while explicit conversion requires a cast operator. Used to ensure compatibility between different data types in expressions and assignments.

Short-circuit evaluation (§7.6)

Evaluation of a logical expression stops as soon as the final outcome is determined. If the outcome can be determined by evaluating only a subset of the expressions, the remaining expressions are not evaluated.

Assignment Statements (§7.7)

Statements that assign a value to a variable or object. Used to store and update data in programming languages. Examples: x = 5, y = "Hello", z = x + 3.

Mixed Mode Assignment (§7.8)

Mixed mode assignment is when the two sides of the assignment are not the same type. int total = 2.0 × 3. Here the right hand side is a float, while the left is an int. This is mixed-mode assignment.

Selection Statements (§8.2)

Statements that control the flow of a program based on certain conditions. They include if, if-else, and switch statements.

Iterative Statements (§8.3)

Statements that allow a program to repeat a block of code multiple times until a certain condition is met. Examples include "while" and "for" loops.

Local referencing environments (§9.4)

This happens when sub programs can define their own variables, thereby defining local referencing environments. Variables that are defined inside subprograms are local to that subprogram and not to the main program.

Parameter passing methods (§9.5)

Pass-by-value: Copies the value of the argument into the parameter. Changes to the parameter do not affect the original argument.

Pass-by-reference: Passes the memory address of the argument into the parameter. Changes to the parameter also affect the original argument.

CWE-787: Out-of-bounds Write

A software vulnerability where a program writes data beyond the boundaries of a buffer or array, potentially overwriting adjacent memory. This can lead to crashes, data corruption, or even remote code execution if exploited by an attacker. Proper input validation and boundary checks are essential to prevent this vulnerability.

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting’)

Failure to properly neutralize user input on web pages, leading to cross-site scripting (XSS) vulnerabilities. Allows attackers to inject malicious scripts into trusted websites, compromising user data and executing unauthorized actions. Commonly occurs when input is not properly validated or encoded before being displayed on a web page.

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Type of software vulnerability that occurs when an attacker injects malicious SQL code into an application's database query. Can lead to unauthorized access, data manipulation, or even complete control over the database.

CWE-20: Improper Input Validation

Failure to properly validate input can lead to security vulnerabilities. CWE-20 refers to the improper input validation that allows attackers to inject malicious data into a system. It can result in various attacks like SQL injection, cross-site scripting (XSS), and buffer overflow. Proper input validation is crucial to prevent these vulnerabilities.

CWE-125: Out-of-bounds Read

Type of vulnerability that occurs when a program reads data from a memory location outside the boundaries of an array or buffer. Can lead to information disclosure, crashes, or even remote code execution.

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection’)

Vulnerability that allows attackers to execute arbitrary commands on a target system. Occurs when user input is not properly validated or sanitized before being used in an operating system command. Can lead to unauthorized access, data breaches, and system compromise. Commonly exploited through web applications.

CWE-416: Use After Free

Type of vulnerability where a program uses a memory object after it has been freed. Can lead to crashes, memory corruption, or execution of malicious code.

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal’)

Allows unauthorized access to files by manipulating paths. Occurs when input validation fails to restrict directory traversal attacks.

CWE-352: Cross-Site Request Forgery (CSRF)

Exploits the trust between a user's browser and a website to perform unauthorized actions on behalf of the user without their knowledge or consent.

CWE-434: Unrestricted Upload of File with Dangerous Type

• Allows users to upload files without proper validation

• Can lead to execution of malicious code

• Implement file type checks and whitelist allowed extensions

• Sanitize user input to prevent path traversal attacks

CWE-476: NULL Pointer Dereference

NULL Pointer Dereference Occurs when a program tries to access or dereference a memory location that has a NULL value. Can lead to crashes, unexpected behavior, or even security vulnerabilities if exploited. Commonly caused by improper error handling or lack of checks for NULL values.

Eight of the Seven Pernicious Kingdoms

• Security Features

• Time and State

• Errors

• Input Validation and Representation

• API Abuse

• Code Quality

• Encapsulation

• Environment