Thursday, January 15, 2009

Top-25

A little late, this Top-25, but noteworthy nonetheless: the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors. Two entries worth pausing on: Improper Encoding or Escaping of Output (CWE-116), and SQL Injection, which CWE lists under the name 'Failure to Preserve SQL Query Structure' (CWE-89). The name is apt: the bug is not the quoting, it is letting attacker-controlled data change the structure of the query.

Others I like:
Improper Initialization (CWE-665)
Client-Side Enforcement of Server-Side Security (CWE-602)
Hard-Coded Password (CWE-259)
and one I blogged about years ago: Use of a Broken or Risky Cryptographic Algorithm (CWE-327)

Must read: the SQL Injection cheat sheet
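To make the 'Failure to Preserve SQL Query Structure' wording concrete, here is an added example (my own code, not from the Top-25 document or the cheat sheet) of a login check written two ways against an in-memory SQLite table with constructed sample data. The concatenating version lets a password of `' OR '1'='1` or a username of `alice'--` rewrite the WHERE clause; the parameterized version sends the same input as data, so the query structure never changes. Passwords are stored in plaintext purely to keep the example short.

```python
import sqlite3


def make_db():
    """Build a throwaway in-memory database with one constructed user row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    # Constructed sample credentials; a real system would store a password hash.
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return conn


def login_vulnerable(conn, name, password):
    """CWE-89: user input is spliced into the SQL text, so it can alter the
    query's structure (add OR clauses, comment out the rest, and so on)."""
    query = (
        "SELECT COUNT(*) FROM users WHERE name = '%s' AND password = '%s'"
        % (name, password)
    )
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn, name, password):
    """Parameterized query: the SQL structure is fixed at write time and the
    driver passes name/password as bound values, never as SQL text."""
    query = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return conn.execute(query, (name, password)).fetchone()[0] > 0


def demo():
    """Run both checks against a valid login and two classic injection payloads."""
    cases = [
        ("alice", "correct horse"),   # legitimate credentials
        ("alice", "' OR '1'='1"),      # password clause made always-true
        ("alice'--", "wrong"),         # rest of the WHERE clause commented out
    ]
    results = []
    for name, password in cases:
        results.append((
            name,
            password,
            login_vulnerable(make_db(), name, password),
            login_safe(make_db(), name, password),
        ))
    return results


if __name__ == "__main__":
    for name, password, vuln, safe in demo():
        print(f"{name!r:12} {password!r:16} vulnerable={vuln!s:5} safe={safe}")
```

Only the first case should log in. The vulnerable function accepts all three because the payloads turn `... AND password = ''` into `... OR '1'='1'` and `WHERE name = 'alice'--...` respectively; the parameterized one rejects the two attacks because the quote and comment characters are just bytes in a bound string.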