PHP, WWW

25 Most Dangerous Programming Errors

As you can see in the table below, Cross-Site Scripting, SQL Injection and Buffer overflows are three most common and serious programming errors that result in vulnerabilities. This list was published recently on 17 February 2010.

Rank Name
[1] Failure to Preserve Web Page Structure ('Cross-site Scripting')
[2] Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')
[3] Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
[4] Cross-Site Request Forgery (CSRF)
[5] Improper Access Control (Authorization)
[6] Reliance on Untrusted Inputs in a Security Decision
[7] Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
[8] Unrestricted Upload of File with Dangerous Type
[9] Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection')
[10] Missing Encryption of Sensitive Data
[11] Use of Hard-coded Credentials
[12] Buffer Access with Incorrect Length Value
[13] Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')
[14] Improper Validation of Array Index
[15] Improper Check for Unusual or Exceptional Conditions
[16] Information Exposure Through an Error Message
[17] Integer Overflow or Wraparound
[18] Incorrect Calculation of Buffer Size
[19] Missing Authentication for Critical Function
[20] Download of Code Without Integrity Check
[21] Incorrect Permission Assignment for Critical Resource
[22] Allocation of Resources Without Limits or Throttling
[23] URL Redirection to Untrusted Site ('Open Redirect')
[24] Use of a Broken or Risky Cryptographic Algorithm
[25] Race Condition

Source: 2010 CWE/SANS Top 25 Most Dangerous Programming Errors