A little late, this top-25, but noteworthy nonetheless: the top 25 most dangerous programming errors. What about Improper Encoding or Escaping of Output, or SQL Injection (the CWE organization calls it 'Failure to Preserve SQL Query Structure')?
Others I like:
Improper Initialization
Client-Side Enforcement of Server-Side Security
Hard-Coded Password
and, one I blogged about years ago: Use of a Broken or Risky Cryptographic Algorithm
Must read: the SQL Injection cheat sheet
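The CWE name 'Failure to Preserve SQL Query Structure' is the clearest way to think about SQL injection: the bug is that user-supplied text ends up changing the shape of the query rather than just filling in a value. The snippet below (added here as an illustration, not code from the original post or from the CWE site) shows the two patterns side by side against a small in-memory SQLite table that is constructed for the example. The table contents, function names and the sample inputs are all assumptions of this example.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory sample table (not from the original post)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("O'Brien", "user")],
    )
    return conn


def lookup_unsafe(conn, name):
    # Vulnerable pattern: the input is spliced into the SQL text, so any quote
    # character in it becomes part of the query's structure. A legitimate name
    # such as O'Brien breaks the statement, and crafted input can rewrite the
    # WHERE clause entirely. This is the failure CWE describes.
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    # Hardened pattern: the query structure is fixed at "WHERE name = ?" and the
    # driver binds the value separately, so quotes in the input stay data.
    sql = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def structure_preserved(conn, name):
    """Return True if the unsafe query yields the same rows as the safe one.

    A mismatch or a syntax error means the input altered the query structure.
    """
    try:
        return lookup_unsafe(conn, name) == lookup_safe(conn, name)
    except sqlite3.OperationalError:
        return False


if __name__ == "__main__":
    db = make_db()
    for candidate in ["alice", "O'Brien"]:
        print(candidate, "structure preserved:", structure_preserved(db, candidate))
```

The benign input `O'Brien` is the useful one to test with: the concatenated version fails with a syntax error on ordinary data, which is the same defect that an attacker exploits with hostile input, while the parameterized version returns the expected row. The fix is the same in every driver: keep the SQL text constant and pass values through bind parameters.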
Thursday, January 15, 2009