
SANS/CWE top 25 most dangerous programming errors

Business IT - Security

SANS and MITRE have launched the 2010 edition of the 25 most dangerous errors programmers can make (and they do, regularly!).

The Top 25 Most Dangerous Programming Errors is not intended as a list of the typical bugs and errors made by the average programmer.

Instead it is a list of the dangerous things they do - the things that will attract hackers and other, nastier, people. To quote from the website, it "is a list of the most widespread and critical programming errors that can lead to serious software vulnerabilities. They are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all."

The errors are categorised from the perspective of a variety of interested parties, for instance programmers new to security, experienced security programmers, software project managers and so on. There is also detailed information on each of the programming errors and useful information on how to mitigate the risk.

This article is simply intended to announce the release of the list; it won't spend time describing all the errors, but no-one will be surprised to hear that the top three errors are:

1. Cross-site scripting

2. SQL Injection

3. Buffer overflow.
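To show what "easy to find, and easy to exploit" means in practice for the top two entries, here is an added illustration (not code from the SANS/CWE site or from this article): a hypothetical Python lookup and greeting, each written first in the vulnerable form and then in the corrected form, run against a constructed in-memory SQLite table and two constructed attacker inputs. The third entry, buffer overflow, is a native-code problem and is not shown here.

```python
import html
import sqlite3

# Constructed sample data: a throwaway in-memory table with two users.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret-a"), ("bob", "s3cret-b")])
    conn.commit()
    return conn

def lookup_vulnerable(conn, name):
    # SQL injection: untrusted input is pasted into the SQL text, so
    # quote characters in the input change the query's structure.
    sql = "SELECT name, secret FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()

def lookup_safe(conn, name):
    # Parameterised query: the input is bound as data and can never be
    # parsed as SQL, whatever characters it contains.
    sql = "SELECT name, secret FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()

def greet_vulnerable(name):
    # Cross-site scripting: untrusted input is placed in HTML unescaped,
    # so markup in the input is rendered (and executed) by the browser.
    return "<p>Hello, %s</p>" % name

def greet_safe(name):
    # Output encoding: the input is escaped for the HTML context it lands in.
    return "<p>Hello, %s</p>" % html.escape(name, quote=True)

# Constructed attacker inputs (hypothetical, for demonstration only).
PAYLOAD_SQLI = "x' OR '1'='1"
PAYLOAD_XSS = "<script>alert(1)</script>"

def demo():
    conn = make_db()
    return {
        # Vulnerable: the WHERE clause becomes always-true; every row leaks.
        "sqli_vuln": lookup_vulnerable(conn, PAYLOAD_SQLI),
        # Safe: no user is literally named "x' OR '1'='1", so nothing matches.
        "sqli_safe": lookup_safe(conn, PAYLOAD_SQLI),
        # Vulnerable: the script tag is emitted verbatim into the page.
        "xss_vuln": greet_vulnerable(PAYLOAD_XSS),
        # Safe: angle brackets are encoded, so the browser shows text only.
        "xss_safe": greet_safe(PAYLOAD_XSS),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The point of running both forms side by side is that the fix is not a filter on the input but a change in how the input is handled: bound as a parameter for SQL, encoded for the output context for HTML.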

Quoting again from the site, "The list is the result of collaboration between the SANS Institute, MITRE, and many top software security experts in the US and Europe. It leverages experiences in the development of the SANS Top 20 attack vectors and MITRE's Common Weakness Enumeration (CWE).

"MITRE maintains the CWE web site, with the support of the US Department of Homeland Security's National Cyber Security Division, presenting detailed descriptions of the top 25 programming errors along with authoritative guidance for mitigating and avoiding them. The CWE site contains data on more than 800 programming errors, design errors, and architecture errors that can lead to exploitable vulnerabilities."

Both programmers and hackers alike will gain much from this information.