
Together with a few work colleagues (who are also friends) I took on an X% project and I'm programming again. I have to say, I had not been actively doing it for over a year, but it feels good coming back to my roots for a while. I'm excited about the idea and I might come back to it after its launch.
That introductory paragraph is just to say that a friend suggested I take a look at the TOP 25 Most Dangerous Programming Errors by the SANS Institute. The document is very interesting, although part of what is written there exceeds my knowledge (by far). I highly recommend that every developer take a look at it, especially if you work on security components. It is a good document to have at hand and, if you want to learn more, the site has information on all the items in the list.
The TOP 25 Errors List will be updated regularly and will be posted at both the SANS and MITRE sites.
Here is the full list for your convenience:
CATEGORY: Insecure Interaction Between Components
CWE-20: Improper Input Validation
CWE-116: Improper Encoding or Escaping of Output
CWE-89: Failure to Preserve SQL Query Structure (aka ‘SQL Injection’)
CWE-79: Failure to Preserve Web Page Structure (aka ‘Cross-site Scripting’)
CWE-78: Failure to Preserve OS Command Structure (aka ‘OS Command Injection’)
CWE-319: Cleartext Transmission of Sensitive Information
CWE-352: Cross-Site Request Forgery (CSRF)
CWE-362: Race Condition
CWE-209: Error Message Information Leak
CATEGORY: Risky Resource Management
CWE-119: Failure to Constrain Operations within the Bounds of a Memory Buffer
CWE-642: External Control of Critical State Data
CWE-73: External Control of File Name or Path
CWE-426: Untrusted Search Path
CWE-94: Failure to Control Generation of Code (aka ‘Code Injection’)
CWE-494: Download of Code Without Integrity Check
CWE-404: Improper Resource Shutdown or Release
CWE-665: Improper Initialization
CWE-682: Incorrect Calculation