2010 CWE/SANS Top 25 Most Dangerous Programming Errors

Security organizations have assembled their annual list of common mistakes that can allow attackers to completely take over software, steal data, or prevent the software from working at all.

CWE/SANS: The SANS Institute, MITRE, and other top software security experts have once again compiled a list of "the most widespread and critical programming errors that can lead to serious software vulnerabilities."

Here's a quick look at the top five:

  1. Failure to Preserve Web Page Structure ('Cross-site Scripting')
  2. Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')
  3. Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  4. Cross-Site Request Forgery (CSRF)
  5. Improper Access Control (Authorization)
