Thursday, February 18, 2010

Top 25 Most Dangerous Programming Errors

Came across this nice article.

Rank  Score  CWE ID   Weakness
1     346    CWE-79   Failure to Preserve Web Page Structure ('Cross-site Scripting')
2     330    CWE-89   Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')
3     273    CWE-120  Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
4     261    CWE-352  Cross-Site Request Forgery (CSRF)
5     219    CWE-285  Improper Access Control (Authorization)
6     202    CWE-807  Reliance on Untrusted Inputs in a Security Decision
7     197    CWE-22   Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
8     194    CWE-434  Unrestricted Upload of File with Dangerous Type
9     188    CWE-78   Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection')
10    188    CWE-311  Missing Encryption of Sensitive Data
11    176    CWE-798  Use of Hard-coded Credentials
12    158    CWE-805  Buffer Access with Incorrect Length Value
13    157    CWE-98   Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')
14    156    CWE-129  Improper Validation of Array Index
15    155    CWE-754  Improper Check for Unusual or Exceptional Conditions
16    154    CWE-209  Information Exposure Through an Error Message
17    154    CWE-190  Integer Overflow or Wraparound
18    153    CWE-131  Incorrect Calculation of Buffer Size
19    147    CWE-306  Missing Authentication for Critical Function
20    146    CWE-494  Download of Code Without Integrity Check
21    145    CWE-732  Incorrect Permission Assignment for Critical Resource
22    145    CWE-770  Allocation of Resources Without Limits or Throttling
23    142    CWE-601  URL Redirection to Untrusted Site ('Open Redirect')
24    141    CWE-327  Use of a Broken or Risky Cryptographic Algorithm
25    138    CWE-362  Race Condition

Full article is found here