<p><strong>Top 25 Most Dangerous Programming Errors</strong><br />
Isabel Nyo, 16 January 2009 (categories: News, Web Development Blog)<br />
<a href="https://eisabainyo.net/weblog/2009/01/16/top-25-most-dangerous-programming-errors/">https://eisabainyo.net/weblog/2009/01/16/top-25-most-dangerous-programming-errors/</a></p>

<blockquote><p>(January 12, 2009) Today in Washington, DC, experts from more than 30 US and international cyber security organizations jointly released the consensus list of the 25 most dangerous programming errors that lead to security bugs and that enable cyber espionage and cyber crime.</p></blockquote>

<p>The 25 errors are grouped into three categories:</p>
<ul>
<li>Insecure Interaction Between Components (9 errors)</li>
<li>Risky Resource Management (9 errors)</li>
<li>Porous Defenses (7 errors)</li>
</ul>

<p><strong>CATEGORY: Insecure Interaction Between Components</strong></p>
<ul>
<li>CWE-20: Improper Input Validation</li>
<li>CWE-116: Improper Encoding or Escaping of Output</li>
<li>CWE-89: Failure to Preserve SQL Query Structure (aka 'SQL Injection')</li>
<li>CWE-79: Failure to Preserve Web Page Structure (aka 'Cross-site Scripting')</li>
<li>CWE-78: Failure to Preserve OS Command Structure (aka 'OS Command Injection')</li>
<li>CWE-319: Cleartext Transmission of Sensitive Information</li>
<li>CWE-352: Cross-Site Request Forgery (CSRF)</li>
<li>CWE-362: Race Condition</li>
<li>CWE-209: Error Message Information Leak</li>
</ul>

<p><strong>CATEGORY: Risky Resource Management</strong></p>
<ul>
<li>CWE-119: Failure to Constrain Operations within the Bounds of a Memory Buffer</li>
<li>CWE-642: External Control of Critical State Data</li>
<li>CWE-73: External Control of File Name or Path</li>
<li>CWE-426: Untrusted Search Path</li>
<li>CWE-94: Failure to Control Generation of Code (aka 'Code Injection')</li>
<li>CWE-494: Download of Code Without Integrity Check</li>
<li>CWE-404: Improper Resource Shutdown or Release</li>
<li>CWE-665: Improper Initialization</li>
<li>CWE-682: Incorrect Calculation</li>
</ul>

<p><strong>CATEGORY: Porous Defenses</strong></p>
<ul>
<li>CWE-285: Improper Access Control (Authorization)</li>
<li>CWE-327: Use of a Broken or Risky Cryptographic Algorithm</li>
<li>CWE-259: Hard-Coded Password</li>
<li>CWE-732: Insecure Permission Assignment for Critical Resource</li>
<li>CWE-330: Use of Insufficiently Random Values</li>
<li>CWE-250: Execution with Unnecessary Privileges</li>
<li>CWE-602: Client-Side Enforcement of Server-Side Security</li>
</ul>

<p>Source: <a href="http://www.sans.org/top25errors/">CWE/SANS TOP 25 Most Dangerous Programming Errors</a></p>