Top 25 Most Dangerous Programming Errors

The 2010 CWE/SANS list of top 25 most dangerous programming errors is now available. The list was compiled collaboratively by the SANS Institute, MITRE, and other US and European software security experts. The following is an abbreviated version of the list.

  1. Cross-Site Scripting
  2. SQL Injection
  3. Classic Buffer Overflow
  4. Cross-Site Request Forgery
  5. Improper Access Control
  6. Reliance on Untrusted Inputs in a Security Decision
  7. Path Traversal
  8. Unrestricted Upload of File with Dangerous Type
  9. OS Command Injection
  10. Missing Encryption of Sensitive Data
  11. Use of Hard-Coded Credentials
  12. Buffer Access with Incorrect Length Value
  13. PHP File Inclusion
  14. Improper Validation of Array Index
  15. Improper Check for Unusual or Exceptional Conditions
  16. Information Exposure Through an Error Message
  17. Integer Overflow or Wraparound
  18. Incorrect Calculation of Buffer Size
  19. Missing Authentication for Critical Function
  20. Download of Code Without Integrity Check
  21. Incorrect Permission Assignment for Critical Resource
  22. Allocation of Resources Without Limits or Throttling
  23. Open Redirect
  24. Use of a Broken or Risky Cryptographic Algorithm
  25. Race Condition
