Top 25 common coding errors that brought down websites

The United States National Security Agency (NSA) has released a list of the top 25 coding errors that have landed coders and webmasters into hot water.

The SANS institute located in Maryland reported that "1.5 million websites were breached" because of two types of coding errors that are on the list. These errors are so malicious and commonly made that the NSA, the Department of Homeland Security, Microsoft, Symantec and many more published a list, a first of its kind, to help out developers as they are coding.

The list is hoped to help those coders and upcoming coders from making the mistakes that veteran coders learned the hard way. With more awareness of common, but serious, coding errors everyone will benefit from the knowledge and consumer's data will remain safe.

    CWE-20:Improper Input Validation
    CWE-116:Improper Encoding or Escaping of Output
    CWE-89:Failure to Preserve SQL Query Structure
    CWE-79:Failure to Preserve Web Page Structure
    CWE-78:Failure to Preserve OS Command Structure
    CWE-319:Cleartext Transmission of Sensitive Information
    CWE-352:Cross-Site Request Forgery
    CWE-362:Race Condition
    CWE-209:Error Message Information Leak
    CWE-119:Failure to Constrain Operations within the Bounds of a Memory Buffer
    CWE-642:External Control of Critical State Data
    CWE-73:External Control of File Name or Path
    CWE-426:Untrusted Search Path
    CWE-94:Failure to Control Generation of Code
    CWE-494:Download of Code Without Integrity Check
    CWE-404:Improper Resource Shutdown or Release
    CWE-665:Improper Initialization
    CWE-682:Incorrect Calculation
    CWE-285:Improper Access Control
    CWE-327:Use of a Broken or Risky Cryptographic Algorithm
    CWE-259:Hard-Coded Password
    CWE-732:Insecure Permission Assignment for Critical Resource
    CWE-330:Use of Insufficiently Random Values
    CWE-250:Execution with Unnecessary Privileges
    CWE-602:Client-Side Enforcement of Server-Side Security
Report a problem with article
Next Article

Bang On: Time to move on from the compact disc

Previous Article

Windows 7: Vista Upgrade & Anytime Upgrade overview

Join the conversation!

Login or Sign Up to read and post a comment.

18 Comments - Add comment