SANS Top 25 Epic Fail: CWE-319

If you've taken the time to read over the "Top 25 Most Dangerous Programming Errors" published by SANS recently, you may (or may not) have noticed that CWE-319 is an anomaly, and should be easily pic...

Published Jan 19, 2009

Version 1.0

Employee

Joined October 17, 2006

View Profile

Lori_MacVittie

Employee

Jan 19, 2009

@Izzy,

Termination or not, they're still going to have to decrypt to examine, which means they need access to the keys/certificates, which may mean (depending on the model of the solution) storing those keys/certs on a potentially insecure system.

I do agree that not needing to terminate is certainly a boon - there's less increase in latency when you aren't terminating.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

SANS Top 25 Epic Fail: CWE-319

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS