Top 25 Most Dangerous Programming Errors

February 22, 2010
By Developer.com Staff

The 2010 CWE/SANS list of top 25 most dangerous programming errors is now available. The list was compiled collaboratively by the SANS Institute, MITRE, and other US and European software security experts. The following is an abbreviated version of the list.

Cross-Site Scripting
SQL Injection
Classic Buffer Overflow
Cross-Site Request Forgery
Improper Access Control
Reliance on Untrusted Inputs in a Security Decision
Path Traversal
Unrestricted Upload of File with Dangerous Type
OS Command Injection
Missing Encryption of Sensitive Data
Use of Hard-Coded Credentials
Buffer Access with Incorrect Length Value
PHP File Inclusion
Improper Validation of Array Index
Improper Check for Unusual or Exceptional Conditions
Information Exposure Through an Error Message
Integer Overflow or Wraparound
Incorrect Calculation of Buffer Size
Missing Authentication for Critical Function
Download of Code Without Integrity Check
Incorrect Permission Assignment for Critical Resource
Allocation of Resources Without Limits or Throttling
Open Redirect
Use of a Broken or Risky Cryptographic Algorithm
Race Condition

0 Comments (click to add your comment)

Comment and Contribute

Solid State Drives: The Future of Data Storage?

Solid state disks (SSDs) made a splash in consumer technology, and now the technology has its eyes on the enterprise storage market. Download this eBook to see what SSDs can do for your infrastructure and review the pros and cons of this potentially game-changing storage technology.