25 most dangerous programming errors
Revealed by the SANS Institute, the 25 most dangerous programming errors are:
- CWE-20:Improper Input Validation
- CWE-116:Improper Encoding or Escaping of Output
- CWE-89:Failure to Preserve SQL Query Structure
- CWE-79:Failure to Preserve Web Page Structure
- CWE-78:Failure to Preserve OS Command Structure
- CWE-319:Cleartext Transmission of Sensitive Information
- CWE-352:Cross-Site Request Forgery
- CWE-362:Race Condition
- CWE-209:Error Message Information Leak
- CWE-119:Failure to Constrain Operations within the Bounds of a Memory Buffer
- CWE-642:External Control of Critical State Data
- CWE-73:External Control of File Name or Path
- CWE-426:Untrusted Search Path
- CWE-94:Failure to Control Generation of Code
- CWE-494:Download of Code Without Integrity Check
- CWE-404:Improper Resource Shutdown or Release
- CWE-665:Improper Initialization
- CWE-682:Incorrect Calculation
- CWE-285:Improper Access Control
- CWE-327:Use of a Broken or Risky Cryptographic Algorithm
- CWE-259:Hard-Coded Password
- CWE-732:Insecure Permission Assignment for Critical Resource
- CWE-330:Use of Insufficiently Random Values
- CWE-250:Execution with Unnecessary Privileges
- CWE-602:Client-Side Enforcement of Server-Side Security
Source: SANS Institute
Last updated on 13 January 2009, at 19:03.