{"id":1022,"date":"2010-03-30T12:36:19","date_gmt":"2010-03-30T19:36:19","guid":{"rendered":"http:\/\/juixe.com\/techknow\/?p=1022"},"modified":"2010-03-28T23:39:08","modified_gmt":"2010-03-29T06:39:08","slug":"top-25-most-dangerous-programming-errors","status":"publish","type":"post","link":"http:\/\/juixe.com\/techknow\/index.php\/2010\/03\/30\/top-25-most-dangerous-programming-errors\/","title":{"rendered":"Top 25 Most Dangerous Programming Errors"},"content":{"rendered":"<p>I&#8217;ve always been interested in understanding common programming errors so that I can easily recognize and diagnose problems, hopefully without spending hours staring at my breakpoints in my debugger.  Previously, I&#8217;ve written on <a href=\"http:\/\/juixe.com\/techknow\/index.php\/2006\/06\/11\/common-groovy-errors\/\">Common Groovy Errors<\/a> and <a href=\"http:\/\/juixe.com\/techknow\/index.php\/2010\/03\/08\/top-worst-java-errors\/\">Top Worst Java Errors<\/a>.<\/p>\n<p>The US Department of Homeland Security, under the Common Weakness Enumeration initiative, put out the <a href=\"http:\/\/cwe.mitre.org\/top25\/#Brief\">2010 CWE\/SANS Top 25 Most Dangerous Programming Errors<\/a>.  
Most of the errors noted are web application security programming errors.<\/p>\n<ul>\n<li>Failure to Preserve Web Page Structure (&#8216;Cross-site Scripting&#8217;)<\/li>\n<li>Improper Sanitization of Special Elements used in an SQL Command (&#8216;SQL Injection&#8217;)<\/li>\n<li>Buffer Copy without Checking Size of Input (&#8216;Classic Buffer Overflow&#8217;)<\/li>\n<li>Cross-Site Request Forgery (CSRF)<\/li>\n<li>Improper Access Control (Authorization)<\/li>\n<li>Reliance on Untrusted Inputs in a Security Decision<\/li>\n<li>Improper Limitation of a Pathname to a Restricted Directory (&#8216;Path Traversal&#8217;)<\/li>\n<li>Unrestricted Upload of File with Dangerous Type<\/li>\n<li>Improper Sanitization of Special Elements used in an OS Command (&#8216;OS Command Injection&#8217;)<\/li>\n<li>Missing Encryption of Sensitive Data<\/li>\n<li>Use of Hard-coded Credentials<\/li>\n<li>Buffer Access with Incorrect Length Value<\/li>\n<li>Improper Control of Filename for Include\/Require Statement in PHP Program (&#8216;PHP File Inclusion&#8217;)<\/li>\n<li>Improper Validation of Array Index<\/li>\n<li>Improper Check for Unusual or Exceptional Conditions<\/li>\n<li>Information Exposure Through an Error Message<\/li>\n<li>Integer Overflow or Wraparound<\/li>\n<li>Incorrect Calculation of Buffer Size<\/li>\n<li>Missing Authentication for Critical Function<\/li>\n<li>Download of Code Without Integrity Check<\/li>\n<li>Incorrect Permission Assignment for Critical Resource<\/li>\n<li>Allocation of Resources Without Limits or Throttling<\/li>\n<li>URL Redirection to Untrusted Site (&#8216;Open Redirect&#8217;)<\/li>\n<li>Use of a Broken or Risky Cryptographic Algorithm<\/li>\n<li>Race Condition<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>I&#8217;ve always been interested in understanding common programming errors so that I can easily recognize and diagnose problems, hopefully without spending hours staring at my breakpoints in my debugger. 
Previously, I&#8217;ve written on Common Groovy Errors and Top Worst Java Errors. The US Department of Homeland Security, under the Common Weakness Enumeration initiative, put out [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","footnotes":""},"categories":[18,19,3],"tags":[30,137,136,135,804,115,807,138,139],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p902K-gu","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"http:\/\/juixe.com\/techknow\/index.php\/wp-json\/wp\/v2\/posts\/1022"}],"collection":[{"href":"http:\/\/juixe.com\/techknow\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/juixe.com\/techknow\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/juixe.com\/techknow\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/juixe.com\/techknow\/index.php\/wp-json\/wp\/v2\/comments?post=1022"}],"version-history":[{"count":1,"href":"http:\/\/juixe.com\/techknow\/index.php\/wp-json\/wp\/v2\/posts\/1022\/revisions"}],"predecessor-version":[{"id":1023,"href":"http:\/\/juixe.com\/techknow\/index.php\/wp-json\/wp\/v2\/posts\/1022\/revisions\/1023"}],"wp:attachment":[{"href":"http:\/\/juixe.com\/techknow\/index.php\/wp-json\/wp\/v2\/media?parent=1022"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/juixe.com\/techknow\/index.php\/wp-json\/wp\/v2\/categories?post=1022"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/juixe.com\/techknow\/index.php\/wp-json\/wp\/v2\/tags?post=1022"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}