SANS/CWE top 25 most dangerous programming errors


SANS and MITRE have launched the 2010 edition of the 25 most dangerous errors programmers can make (and they do, regularly!).

The Top 25 Most Dangerous Programming Errors is not intended as a list of the typical bugs and errors made by your average programmer.

Instead, it lists the dangerous things they do: the things that attract hackers and other, nastier, people. To quote from the website, it "is a list of the most widespread and critical programming errors that can lead to serious software vulnerabilities. They are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all."

The errors are categorised from the perspective of a variety of interested parties, for instance programmers new to security, experienced security programmers, software project managers and so on. There is also detailed information on each of the programming errors, along with useful guidance on how to mitigate the risk.

This article is simply intended to announce the release of the list; it won't spend time describing all the errors, but no-one will be surprised to hear that the top three errors are:

1. Cross-site scripting

2. SQL Injection

3. Buffer overflow.
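As an added illustration of the first two items (this is example code written for this page, not code from the article or from the SANS/CWE list), here is the vulnerable pattern beside the standard mitigation for each. The in-memory sqlite3 table and the sample user names are constructed for the demonstration.

```python
import html
import sqlite3


def make_db():
    """Constructed in-memory table with a few sample users (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("o'brien", "user")],
    )
    return conn


def lookup_unsafe(conn, name):
    """Error #2 on the list: user input concatenated into the SQL text.

    Any quote character in `name` becomes part of the statement itself,
    so the input can change the structure of the query, not just its value.
    """
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, name):
    """Parameterised query: the value travels separately from the statement,
    so quotes in the input are data and cannot alter the SQL."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def unsafe_query_breaks(conn, name):
    """True if the concatenated query fails for this input. A plain apostrophe
    is enough to show the statement's structure depends on the input."""
    try:
        lookup_unsafe(conn, name)
    except sqlite3.Error:
        return True
    return False


def render_unsafe(name):
    """Error #1 on the list: untrusted input placed into HTML unescaped,
    so any markup in `name` is interpreted by the browser."""
    return "<p>Hello, " + name + "</p>"


def render_safe(name):
    """html.escape() converts <, >, &, and quotes to entities, so the
    browser renders the value as text rather than as markup."""
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


if __name__ == "__main__":
    conn = make_db()
    print(lookup_safe(conn, "o'brien"))           # [("o'brien", "user")]
    print(unsafe_query_breaks(conn, "o'brien"))   # True
    print(render_safe("<b>guest</b>"))            # entities, not bold text
```

The two mitigations are the ones the CWE entries for these weaknesses recommend: bind parameters for SQL, and contextual output encoding for HTML. Note that the parameterised lookup also finds the legitimately quoted name that the concatenated version cannot even query.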

Quoting again from the site, "The list is the result of collaboration between the SANS Institute, MITRE, and many top software security experts in the US and Europe. It leverages experiences in the development of the SANS Top 20 attack vectors and MITRE's Common Weakness Enumeration (CWE).

"MITRE maintains the CWE web site, with the support of the US Department of Homeland Security's National Cyber Security Division, presenting detailed descriptions of the top 25 programming errors along with authoritative guidance for mitigating and avoiding them. The CWE site contains data on more than 800 programming errors, design errors, and architecture errors that can lead to exploitable vulnerabilities."

Programmers and hackers alike will gain much from this information.


David Heath


David Heath has over 25 years experience in the IT industry, specializing particularly in customer support, security and computer networking. Heath has worked previously as head of IT for The Television Shopping Network, as the network and desktop manager for Armstrong Jones (a major funds management organization) and has consulted into various Australian federal government agencies (including the Department of Immigration and the Australian Bureau of Criminal Intelligence). He has also served on various state, national and international committees for Novell Users International; he was also the organising chairman for the 1994 Novell Users' Conference in Brisbane. Heath is currently employed as an Instructional Designer, building technical training courses for industrial process control systems.
