
Top 25 Most Dangerous Programming Errors

Applicable to wide range of technologies



11:01 am on Mar 4, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

The 2009 CWE/SANS Top 25 Most Dangerous Programming Errors is a list of the most
significant programming errors that can lead to serious software vulnerabilities.

Since the web is all about the interaction of various different web components, a look at the following list would be great for making safe web applications.

Some of the errors are:

    Improper Input Validation
    Improper Encoding or Escaping of Output
    Failure to Preserve SQL Query Structure ('SQL Injection')
    Failure to Preserve Web Page Structure ('Cross-site Scripting')
    Cross-Site Request Forgery (CSRF)
    Client-Side Enforcement of Server-Side Security
    Improper Access Control (Authorization)
    Hard-Coded Password
    Use of a Broken or Risky Cryptographic Algorithm

[cwe.mitre.org]


1:52 pm on Mar 4, 2010 (gmt 0)

eelixduppy (WebmasterWorld Senior Member, Top Contributor of All Time, 10+ Year Member)

Very nice find. I figure that even though they propose the general solutions, most of which aren't actually geared towards web applications, we could give the solutions right here in the thread as a sort of repository of security techniques used often when writing web applications in PHP.

I'll start...

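As an added example (not code from either poster, nor from the CWE/SANS list itself), here is a PHP script showing one defensive pattern for several of the errors named in the first post: allow-list input validation, parameterized SQL queries, HTML output encoding, a per-session CSRF token, and hashed passwords read from the environment instead of being hard-coded. The function names and the in-memory SQLite table are constructed for the demo; it assumes PHP 7.4 or later with the pdo_sqlite extension.

```php
<?php
// Added example for this thread (not from either poster). Function names
// (valid_username, lookup_user, render_comment, csrf_token, csrf_check,
// store_password, check_password) are hypothetical; the SQLite database is
// constructed in memory so the script runs offline.
declare(strict_types=1);

// --- Improper Input Validation: allow-list the shape of untrusted input ---
function valid_username(string $raw): ?string {
    // Accept only the characters the application actually needs.
    return preg_match('/^[A-Za-z0-9_]{3,32}$/', $raw) === 1 ? $raw : null;
}

// --- SQL Injection: never splice input into the query text; bind it ---
function lookup_user(PDO $db, string $username): ?array {
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// --- Cross-site Scripting: encode for the HTML context at output time ---
function render_comment(string $author, string $body): string {
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<p><b>' . $e($author) . '</b>: ' . $e($body) . '</p>';
}

// --- CSRF: unguessable per-session token, compared in constant time ---
function csrf_token(array &$session): string {
    if (!isset($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}
function csrf_check(array $session, ?string $submitted): bool {
    return isset($session['csrf'], $submitted)
        && hash_equals($session['csrf'], $submitted);
}

// --- Hard-Coded Password / Risky Crypto: store only a salted, slow hash ---
function store_password(string $plain): string {
    return password_hash($plain, PASSWORD_DEFAULT); // bcrypt by default
}
function check_password(string $plain, string $stored): bool {
    return password_verify($plain, $stored);
}

// Demo on constructed data
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE)');
$db->exec("INSERT INTO users (username) VALUES ('alice'), ('bob')");

// With a bound parameter the classic injection string is just a literal
// username that matches no row; the allow-list rejects it even earlier.
var_dump(lookup_user($db, "alice' OR '1'='1"));
var_dump(lookup_user($db, 'alice'));
var_dump(valid_username("alice' OR '1'='1"));

echo render_comment('mallory', '<script>alert(1)</script>'), PHP_EOL;

$session = [];
$token = csrf_token($session);
var_dump(csrf_check($session, $token));
var_dump(csrf_check($session, 'forged'));

// The secret comes from the deployment environment, not from this file;
// the fallback is a constructed value for the offline demo only.
$secret = getenv('ADMIN_PASSWORD') ?: 'demo-only-secret';
$hash = store_password($secret);
var_dump(check_password($secret, $hash));
var_dump(check_password('wrong', $hash));
```

The point each function makes is that the fix sits at a boundary: validation at the input boundary, parameter binding at the database boundary, encoding at the output boundary, and secrets kept outside the source tree. Run it with `php` from the command line; the `var_dump` calls show the injection string returning no row, the forged CSRF token being rejected, and the password check succeeding only for the original secret.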