Advertisement
Promo

Security threats Toolkit

Top 25 'most dangerous' coding errors revealed

Tom Espiner ZDNet.co.uk

Published: 13 Jan 2009 18:05 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Security experts from US government agencies, multinational companies and academia have released a list of what they consider to be the 25 most critical errors made while coding software.

Participants from more than 30 organisations worked together to agree on the 25 "most dangerous" errors, the SANS Institute said in a statement on Monday. They included experts from the US National Security Agency, the US Computer Emergency Response Team (US-Cert), Mitre and the Sans Institute, as well as from Microsoft, Apple and Oracle. 

The list was released so programmers can check their code for the most common errors that produce security vulnerabilities. 

"[The list] is going to change the way organisations buy software, right away," Alan Paller, director of the Sans Institute, told ZDNet UK.

The top-two coding errors were improper input validation and improper encoding or escaping of output, according to Steven Christey of Mitre, who said those particular errors "earned the top rating for good reason".

"In 2008, hundreds of thousands of innocent, and generally trusted, web pages were modified to serve malware by automated programs that burrowed into databases using SQL injection," Christey said in a statement. "The attack worked because countless programmers made the exact same [input validation and improper output encoding] mistakes in their software."

The full list of coding errors, and information on how to fix them, is available from the Sans Institute website.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
7 out of 7 people found this useful


In association with Network Liberation Movement

Talkback

Post a comment


Full Talkback thread

2 comments

  1. After all this time Tezzer
  2. Has anyone thought of passing this list on to... GeoffO

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:








Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Campaigners criticise '£10bn NHS IT ov...

The National Health Service's flagship IT project has been criticised by a tax campaign group for running billions of pounds over budget. The NHS National Programme for IT (NPfIT)... More

1 comment

Climate research centre compromised

One of the UK's leading climate change research centres has had a security breach. The Climate Research Unit at the University of East Anglia (UEA) suffered a compromise of information,... More

1 comment

Government web-monitoring plans on hol...

Government plans to compel ISPs to process and store details of all web communications have been put on hold until after the next election. The Home Office told ZDNet UK on Wednesday... More

1 comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters