Investigating SANS/CWE Top 25 Programming Errors

by Fred Williams Oct. 1, 2017 via Infosecwriters

On January 12, 2009, experts from more than 30 cyber security organizations jointly released a consensus list of the top 25 most dangerous programming errors. This list attempts to boil down the more than 700 possible causes of software security issues to the ones that are so prevalent and severe that no software should be released to customers without evidence that measures were taken to ensure the software does not contain any of these errors. The Top 25 errors were further broken down into 3 categories: Insecure Interaction Between Components, which contains 9 errors; Risky Resource Management, which contains 9 errors; and Porous Defenses, which has the final 7 errors.

The errors on this list occur frequently, are often easy to find, and are easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.