NewsTop 25 Most Dangerous Programming Errors

Top 25 Most Dangerous Programming Errors content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

The 2010 CWE/SANS list of top 25 most dangerous programming errors is now available. The list was compiled collaboratively by the SANS Institute, MITRE, and other US and European software security experts. The following is an abbreviated version of the list.

  1. Cross-Site Scripting
  2. SQL Injection
  3. Classic Buffer Overflow
  4. Cross-Site Request Forgery
  5. Improper Access Control
  6. Reliance on Untrusted Inputs in a Security Decision
  7. Path Traversal
  8. Unrestricted Upload of File with Dangerous Type
  9. OS Command Injection
  10. Missing Encryption of Sensitive Data
  11. Use of Hard-Coded Credentials
  12. Buffer Access with Incorrect Length Value
  13. PHP File Inclusion
  14. Improper Validation of Array Index
  15. Improper Check for Unusual or Exceptional Conditions
  16. Information Exposure Through an Error Message
  17. Integer Overflow or Wraparound
  18. Incorrect Calculation of Buffer Size
  19. Missing Authentication for Critical Function
  20. Download of Code Without Integrity Check
  21. Incorrect Permission Assignment for Critical Resource
  22. Allocation of Resources Without Limits or Throttling
  23. Open Redirect
  24. Use of a Broken or Risky Cryptographic Algorithm
  25. Race Condition

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends & analysis

Latest Posts

Related Stories