17 февраля обновился список 25 самых опасных ошибок в софтостроении:
2010 CWE/SANS Top 25 Most Dangerous Programming Errors
Вот эти вещи признаны самыми опасными:
[1] Failure to Preserve Web Page Structure ('Cross-site Scripting')
[2] Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')
[3] Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
[4] Cross-Site Request Forgery (CSRF)
[5] Improper Access Control (Authorization)
[6] Reliance on Untrusted Inputs in a Security Decision
[7] Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
[8] Unrestricted Upload of File with Dangerous Type
[9] Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection')
[10] Missing Encryption of Sensitive Data
[11] Use of Hard-coded Credentials
[12] Buffer Access with Incorrect Length Value
[13] Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')
[14] Improper Validation of Array Index
[15] Improper Check for Unusual or Exceptional Conditions
[16] Information Exposure Through an Error Message
[17] Integer Overflow or Wraparound
[18] Incorrect Calculation of Buffer Size
[19] Missing Authentication for Critical Function
[20] Download of Code Without Integrity Check
[21] Incorrect Permission Assignment for Critical Resource
[22] Allocation of Resources Without Limits or Throttling
[23] URL Redirection to Untrusted Site ('Open Redirect')
[24] Use of a Broken or Risky Cryptographic Algorithm
[25] Race Condition
