{"id":1026,"date":"2010-02-23T14:51:36","date_gmt":"2010-02-23T04:51:36","guid":{"rendered":"https:\/\/eisabainyo.net\/weblog\/?p=1026"},"modified":"2010-02-19T15:00:21","modified_gmt":"2010-02-19T05:00:21","slug":"25-most-dangerous-programming-errors","status":"publish","type":"post","link":"https:\/\/eisabainyo.net\/weblog\/2010\/02\/23\/25-most-dangerous-programming-errors\/","title":{"rendered":"25 Most Dangerous Programming Errors"},"content":{"rendered":"

As you can see in the table below, Cross-Site Scripting, SQL Injection and Buffer overflows are three most common and serious programming errors that result in vulnerabilities. This list was published recently on 17 February 2010. <\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
\n\t\t\t\tRank<\/th>\n\n\t\t\t\tName<\/th>\n<\/tr>\n
\n\t\t\t\t[1]<\/b><\/td>\n\n\t\t\t\tFailure to Preserve Web Page Structure ('Cross-site Scripting')<\/td>\n<\/tr>\n
\n\t\t\t\t[2]<\/b><\/td>\n\n\t\t\t\tImproper Sanitization of Special Elements used in an SQL Command ('SQL Injection')<\/td>\n<\/tr>\n
\n\t\t\t\t[3]<\/b><\/td>\n\n\t\t\t\tBuffer Copy without Checking Size of Input ('Classic Buffer Overflow')<\/td>\n<\/tr>\n
\n\t\t\t\t[4]<\/b><\/td>\n\n\t\t\t\tCross-Site Request Forgery (CSRF)<\/td>\n<\/tr>\n
\n\t\t\t\t[5]<\/b><\/td>\n\n\t\t\t\tImproper Access Control (Authorization)<\/td>\n<\/tr>\n
\n\t\t\t\t[6]<\/b><\/td>\n\n\t\t\t\tReliance on Untrusted Inputs in a Security Decision<\/td>\n<\/tr>\n
\n\t\t\t\t[7]<\/b><\/td>\n\n\t\t\t\tImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal')<\/td>\n<\/tr>\n
\n\t\t\t\t[8]<\/b><\/td>\n\n\t\t\t\tUnrestricted Upload of File with Dangerous Type<\/td>\n<\/tr>\n
\n\t\t\t\t[9]<\/b><\/td>\n\n\t\t\t\tImproper Sanitization of Special Elements used in an OS Command ('OS Command Injection')<\/td>\n<\/tr>\n
\n\t\t\t\t[10]<\/b><\/td>\n\n\t\t\t\tMissing Encryption of Sensitive Data<\/td>\n<\/tr>\n
\n\t\t\t\t[11]<\/b><\/td>\n\n\t\t\t\tUse of Hard-coded Credentials<\/td>\n<\/tr>\n
\n\t\t\t\t[12]<\/b><\/td>\n\n\t\t\t\tBuffer Access with Incorrect Length Value<\/td>\n<\/tr>\n
\n\t\t\t\t[13]<\/b><\/td>\n\n\t\t\t\tImproper Control of Filename for Include\/Require Statement in PHP Program ('PHP File Inclusion')<\/td>\n<\/tr>\n
\n\t\t\t\t[14]<\/b><\/td>\n\n\t\t\t\tImproper Validation of Array Index<\/td>\n<\/tr>\n
\n\t\t\t\t[15]<\/b><\/td>\n\n\t\t\t\tImproper Check for Unusual or Exceptional Conditions<\/td>\n<\/tr>\n
\n\t\t\t\t[16]<\/b><\/td>\n\n\t\t\t\tInformation Exposure Through an Error Message<\/td>\n<\/tr>\n
\n\t\t\t\t[17]<\/b><\/td>\n\n\t\t\t\tInteger Overflow or Wraparound<\/td>\n<\/tr>\n
\n\t\t\t\t[18]<\/b><\/td>\n\n\t\t\t\tIncorrect Calculation of Buffer Size<\/td>\n<\/tr>\n
\n\t\t\t\t[19]<\/b><\/td>\n\n\t\t\t\tMissing Authentication for Critical Function<\/td>\n<\/tr>\n
\n\t\t\t\t[20]<\/b><\/td>\n\n\t\t\t\tDownload of Code Without Integrity Check<\/td>\n<\/tr>\n
\n\t\t\t\t[21]<\/b><\/td>\n\n\t\t\t\tIncorrect Permission Assignment for Critical Resource<\/td>\n<\/tr>\n
\n\t\t\t\t[22]<\/b><\/td>\n\n\t\t\t\tAllocation of Resources Without Limits or Throttling<\/td>\n<\/tr>\n
\n\t\t\t\t[23]<\/b><\/td>\n\n\t\t\t\tURL Redirection to Untrusted Site ('Open Redirect')<\/td>\n<\/tr>\n
\n\t\t\t\t[24]<\/b><\/td>\n\n\t\t\t\tUse of a Broken or Risky Cryptographic Algorithm<\/td>\n<\/tr>\n
\n\t\t\t\t[25]<\/b><\/td>\n\n\t\t\t\tRace Condition<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Source: 2010 CWE\/SANS Top 25 Most Dangerous Programming Errors<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

As you can see in the table below, Cross-Site Scripting, SQL Injection and Buffer overflows<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7,6],"tags":[],"class_list":["post-1026","post","type-post","status-publish","format-standard","hentry","category-php","category-www"],"yoast_head":"\n25 Most Dangerous Programming Errors | Tech Leadership Advice & Resources<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/eisabainyo.net\/weblog\/2010\/02\/23\/25-most-dangerous-programming-errors\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"25 Most Dangerous Programming Errors | Tech Leadership Advice & Resources\" \/>\n<meta property=\"og:description\" content=\"As you can see in the table below, Cross-Site Scripting, SQL Injection and Buffer overflows\" \/>\n<meta property=\"og:url\" content=\"https:\/\/eisabainyo.net\/weblog\/2010\/02\/23\/25-most-dangerous-programming-errors\/\" \/>\n<meta property=\"og:site_name\" content=\"Tech Leadership Advice & Resources\" \/>\n<meta property=\"article:published_time\" content=\"2010-02-23T04:51:36+00:00\" \/>\n<meta name=\"author\" content=\"Isabel Nyo\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Isabel Nyo\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/eisabainyo.net\/weblog\/2010\/02\/23\/25-most-dangerous-programming-errors\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/eisabainyo.net\/weblog\/2010\/02\/23\/25-most-dangerous-programming-errors\/\"},\"author\":{\"name\":\"Isabel Nyo\",\"@id\":\"https:\/\/eisabainyo.net\/weblog\/#\/schema\/person\/33457dd19f1ad9bbd4b0cb50c54dfcab\"},\"headline\":\"25 Most Dangerous Programming Errors\",\"datePublished\":\"2010-02-23T04:51:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/eisabainyo.net\/weblog\/2010\/02\/23\/25-most-dangerous-programming-errors\/\"},\"wordCount\":222,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/eisabainyo.net\/weblog\/#\/schema\/person\/33457dd19f1ad9bbd4b0cb50c54dfcab\"},\"articleSection\":[\"PHP\",\"WWW\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/eisabainyo.net\/weblog\/2010\/02\/23\/25-most-dangerous-programming-errors\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/eisabainyo.net\/weblog\/2010\/02\/23\/25-most-dangerous-programming-errors\/\",\"url\":\"https:\/\/eisabainyo.net\/weblog\/2010\/02\/23\/25-most-dangerous-programming-errors\/\",\"name\":\"25 Most Dangerous Programming Errors | Tech Leadership Advice & Resources\",\"isPartOf\":{\"@id\":\"https:\/\/eisabainyo.net\/weblog\/#website\"},\"datePublished\":\"2010-02-23T04:51:36+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/eisabainyo.net\/weblog\/2010\/02\/23\/25-most-dangerous-programming-errors\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/eisabainyo.net\/weblog\/2010\/02\/23\/25-most-dangerous-programming-errors\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/eisabainyo.net\/weblog\/2010\/02\/23\/25-most-dangerous-programming-errors\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/eisabainyo.net\/weblog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"25 Most Dangerous Programming Errors\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/eisabainyo.net\/weblog\/#website\",\"url\":\"https:\/\/eisabainyo.net\/weblog\/\",\"name\":\"Career Resources for Professionals in Tech\",\"description\":\"Books, worksheets, templates, frameworks and other useful resources for Chief Technology Officers (CTOs), VPs of Engineering & Technology Directors\",\"publisher\":{\"@id\":\"https:\/\/eisabainyo.net\/weblog\/#\/schema\/person\/33457dd19f1ad9bbd4b0cb50c54dfcab\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/eisabainyo.net\/weblog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/eisabainyo.net\/weblog\/#\/schema\/person\/33457dd19f1ad9bbd4b0cb50c54dfcab\",\"name\":\"Isabel Nyo\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/eisabainyo.net\/weblog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/3d4b1a4e0f425adb39b242b0d62c5fac07c82f8314a24631f1d16f47bdf006d8?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/3d4b1a4e0f425adb39b242b0d62c5fac07c82f8314a24631f1d16f47bdf006d8?s=96&d=mm&r=g\",\"caption\":\"Isabel Nyo\"},\"logo\":{\"@id\":\"https:\/\/eisabainyo.net\/weblog\/#\/schema\/person\/image\/\"},\"description\":\"My interests: Web Development, Web Design, Web Applications, Web 2.0, AJAX, Search Engine Optimisation, Latest Technologies and more..\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"25 Most Dangerous Programming Errors | Tech Leadership Advice & Resources","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/eisabainyo.net\/weblog\/2010\/02\/23\/25-most-dangerous-programming-errors\/","og_locale":"en_US","og_type":"article","og_title":"25 Most Dangerous Programming Errors | Tech Leadership Advice & Resources","og_description":"As you can see in the table below, Cross-Site Scripting, SQL Injection and Buffer overflows","og_url":"https:\/\/eisabainyo.net\/weblog\/2010\/02\/23\/25-most-dangerous-programming-errors\/","og_site_name":"Tech Leadership Advice & Resources","article_published_time":"2010-02-23T04:51:36+00:00","author":"Isabel Nyo","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Isabel Nyo","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/eisabainyo.net\/weblog\/2010\/02\/23\/25-most-dangerous-programming-errors\/#article","isPartOf":{"@id":"https:\/\/eisabainyo.net\/weblog\/2010\/02\/23\/25-most-dangerous-programming-errors\/"},"author":{"name":"Isabel Nyo","@id":"https:\/\/eisabainyo.net\/weblog\/#\/schema\/person\/33457dd19f1ad9bbd4b0cb50c54dfcab"},"headline":"25 Most Dangerous Programming Errors","datePublished":"2010-02-23T04:51:36+00:00","mainEntityOfPage":{"@id":"https:\/\/eisabainyo.net\/weblog\/2010\/02\/23\/25-most-dangerous-programming-errors\/"},"wordCount":222,"commentCount":0,"publisher":{"@id":"https:\/\/eisabainyo.net\/weblog\/#\/schema\/person\/33457dd19f1ad9bbd4b0cb50c54dfcab"},"articleSection":["PHP","WWW"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/eisabainyo.net\/weblog\/2010\/02\/23\/25-most-dangerous-programming-errors\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/eisabainyo.net\/weblog\/2010\/02\/23\/25-most-dangerous-programming-errors\/","url":"https:\/\/eisabainyo.net\/weblog\/2010\/02\/23\/25-most-dangerous-programming-errors\/","name":"25 Most Dangerous Programming Errors | Tech Leadership Advice & Resources","isPartOf":{"@id":"https:\/\/eisabainyo.net\/weblog\/#website"},"datePublished":"2010-02-23T04:51:36+00:00","breadcrumb":{"@id":"https:\/\/eisabainyo.net\/weblog\/2010\/02\/23\/25-most-dangerous-programming-errors\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/eisabainyo.net\/weblog\/2010\/02\/23\/25-most-dangerous-programming-errors\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/eisabainyo.net\/weblog\/2010\/02\/23\/25-most-dangerous-programming-errors\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/eisabainyo.net\/weblog\/"},{"@type":"ListItem","position":2,"name":"25 Most Dangerous Programming Errors"}]},{"@type":"WebSite","@id":"https:\/\/eisabainyo.net\/weblog\/#website","url":"https:\/\/eisabainyo.net\/weblog\/","name":"Career Resources for Professionals in Tech","description":"Books, worksheets, templates, frameworks and other useful resources for Chief Technology Officers (CTOs), VPs of Engineering & Technology Directors","publisher":{"@id":"https:\/\/eisabainyo.net\/weblog\/#\/schema\/person\/33457dd19f1ad9bbd4b0cb50c54dfcab"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/eisabainyo.net\/weblog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/eisabainyo.net\/weblog\/#\/schema\/person\/33457dd19f1ad9bbd4b0cb50c54dfcab","name":"Isabel Nyo","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/eisabainyo.net\/weblog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/3d4b1a4e0f425adb39b242b0d62c5fac07c82f8314a24631f1d16f47bdf006d8?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3d4b1a4e0f425adb39b242b0d62c5fac07c82f8314a24631f1d16f47bdf006d8?s=96&d=mm&r=g","caption":"Isabel Nyo"},"logo":{"@id":"https:\/\/eisabainyo.net\/weblog\/#\/schema\/person\/image\/"},"description":"My interests: Web Development, Web Design, Web Applications, Web 2.0, AJAX, Search Engine Optimisation, Latest Technologies and more.."}]}},"_links":{"self":[{"href":"https:\/\/eisabainyo.net\/weblog\/wp-json\/wp\/v2\/posts\/1026","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/eisabainyo.net\/weblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/eisabainyo.net\/weblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/eisabainyo.net\/weblog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/eisabainyo.net\/weblog\/wp-json\/wp\/v2\/comments?post=1026"}],"version-history":[{"count":3,"href":"https:\/\/eisabainyo.net\/weblog\/wp-json\/wp\/v2\/posts\/1026\/revisions"}],"predecessor-version":[{"id":1029,"href":"https:\/\/eisabainyo.net\/weblog\/wp-json\/wp\/v2\/posts\/1026\/revisions\/1029"}],"wp:attachment":[{"href":"https:\/\/eisabainyo.net\/weblog\/wp-json\/wp\/v2\/media?parent=1026"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/eisabainyo.net\/weblog\/wp-json\/wp\/v2\/categories?post=1026"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/eisabainyo.net\/weblog\/wp-json\/wp\/v2\/tags?post=1026"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}