benevolent001 - 11:01 am on Mar 4, 2010 (gmt 0)
The 2009 CWE/SANS Top 25 Most Dangerous Programming Errors is a list of the most
significant programming errors that can lead to serious software vulnerabilities.
Since the web is all about the interaction of various different web components, a look at the following list would be great for making safe web applications.
Some of the errors are:
Improper Input Validation
Improper Encoding or Escaping of Output
Failure to Preserve SQL Query Structure ('SQL Injection')
Failure to Preserve Web Page Structure ('Cross-site Scripting')
Cross-Site Request Forgery (CSRF)
Client-Side Enforcement of Server-Side Security
Improper Access Control (Authorization)
Use of a Broken or Risky Cryptographic Algorithm