I've only come up with 5 so far.
Here is my list, in no particular order:
1. Security Misconfiguration (OWASP Top 10)
Good security requires having a secure configuration defined and deployed for the
application, frameworks, application server, web server, database server, and platform.
All these settings should be defined, implemented, and maintained as many are not
shipped with secure defaults. This includes keeping all software up to date, including
all code libraries used by the application.
2. Insufficient Transport Layer Protection (OWASP Top 10)
Applications frequently fail to authenticate, encrypt, and protect the confidentiality
and integrity of sensitive network traffic. When they do, they sometimes support weak
algorithms, use expired or invalid certificates, or do not use them correctly.
This allows for packet sniffing.
3. Zero-day exploits in software
Networked machines usually provide some kind of service, whether it be a SQL server,
webserver or FTP server. Vulnerabilities in software will always be a threat as software
will never be developed without security issues.
Vulnerabilities that come under this are, for example:
* SQL injection on a database
* XSS on a webserver
* Buffer overflow attacks on an application
* Format string attacks
* ...
4. Hijacking / Spoofing / Session replay
If a middleman is in some way able to observe the traffic between two nodes on a network
he may try to capture the traffic, modify it and appear as the sender.
Techniques such as ARP Poisoning come under this category.
5. Denial of service
Disruption of service by some kind of resource starvation on the victim. I.e. packet
flooding to consume all half-open TCP connections or consuming all bandwidth on a
webserver.