CWE/SANS: The SANS Institute, MITRE, and other top software security experts have once again compiled a list of "the most widespread and critical programming errors that can lead to serious software vulnerabilities."
Here's a quick look at the top five:
- Failure to Preserve Web Page Structure ('Cross-site Scripting')
- Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')
- Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- Cross-Site Request Forgery (CSRF)
- Improper Access Control (Authorization)