
The 25 most dangerous programming errors

January 16, 2009

I read an article posted by BBC News about these errors and decided to copy and paste them here to have them on my blog. It can also be a good idea to put the list on your dashboard as a widget (on a Mac using Safari you can do this easily).


1. CWE-20: Improper Input Validation
2. CWE-116: Improper Encoding or Escaping of Output
3. CWE-89: Failure to Preserve SQL Query Structure (aka 'SQL Injection')
4. CWE-79: Failure to Preserve Web Page Structure (aka 'Cross-site Scripting')
5. CWE-78: Failure to Preserve OS Command Structure (aka 'OS Command Injection')
6. CWE-319: Cleartext Transmission of Sensitive Information
7. CWE-352: Cross-Site Request Forgery (CSRF)
8. CWE-362: Race Condition
9. CWE-209: Error Message Information Leak
10. CWE-119: Failure to Constrain Operations within the Bounds of a Memory Buffer
11. CWE-642: External Control of Critical State Data
12. CWE-73: External Control of File Name or Path
13. CWE-426: Untrusted Search Path
14. CWE-94: Failure to Control Generation of Code (aka 'Code Injection')
15. CWE-494: Download of Code Without Integrity Check
16. CWE-404: Improper Resource Shutdown or Release
17. CWE-665: Improper Initialization
18. CWE-682: Incorrect Calculation
19. CWE-285: Improper Access Control (Authorization)
20. CWE-327: Use of a Broken or Risky Cryptographic Algorithm
21. CWE-259: Hard-Coded Password
22. CWE-732: Insecure Permission Assignment for Critical Resource
23. CWE-330: Use of Insufficiently Random Values
24. CWE-250: Execution with Unnecessary Privileges
25. CWE-602: Client-Side Enforcement of Server-Side Security
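As an added example (not part of the original post or of the CWE/SANS list itself), here is entry 3, CWE-89, in Python: a lookup that splices the username into the SQL text next to the same lookup with a bound parameter. The `users` table, its rows and the `PAYLOAD` string are constructed here only for the demonstration; the database is an in-memory SQLite instance from the standard library.

```python
"""CWE-89 (Failure to Preserve SQL Query Structure): vulnerable lookup
beside its parameterized fix. Added example; the table contents are
constructed for the demonstration and are not real data."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create an in-memory database with a small, constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT, email TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            ("alice", "alice@example.com", 1),
            ("bob", "bob@example.com", 0),
            ("carol", "carol@example.com", 0),
        ],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """CWE-89: the username is formatted into the SQL string, so a quote
    in the input ends the literal and the rest becomes query structure."""
    sql = "SELECT username, email FROM users WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """Fix: a bound parameter. The query shape is fixed before the value
    is seen, so the same input is compared as a plain string."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Constructed attacker input: closes the literal and appends a tautology,
# turning "WHERE username = 'x' OR '1'='1'" into an always-true filter.
PAYLOAD = "x' OR '1'='1"


def demo() -> dict:
    """Run both lookups with a benign name and with the payload."""
    conn = make_db()
    return {
        "vulnerable_normal": find_user_vulnerable(conn, "bob"),
        "vulnerable_payload": find_user_vulnerable(conn, PAYLOAD),
        "safe_normal": find_user_safe(conn, "bob"),
        "safe_payload": find_user_safe(conn, PAYLOAD),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

With the payload, the vulnerable query returns every row in the table while the parameterized one returns nothing, because the driver never lets the input alter the statement. The same principle (keep data out of the structure: parameters, not string building) is what entries 4, 5 and 14 on the list ask for in their own contexts.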

Source: 2009 CWE/SANS Top 25 Most Dangerous Programming Errors (SANS Institute and MITRE)
