Monday, 15 March 2010

2010 CWE/SANS Top 25 Most Dangerous Programming Errors

A few weeks ago a new version of the "Top 25 Most Dangerous Programming Errors" list was released, updating the list of coding bugs that MITRE and SANS published last year. This new version comes with a better layout that makes the risks and remedies easier to understand, and it focuses on identifying the problem.

From my point of view the table that maps each weakness to the languages it applies to is very interesting. I miss the presence of ASP.Net in this list, but in most cases it can be equated to JSP. In my experience as a web pentester I have my own "personal ranking" of insecure web applications. From the platforms whose applications I most often find secure to the least secure:
  1. ASP.Net
  2. JSP
  3. Perl/Python
  4. ASP
  5. PHP
This is not a fact! It is only based on my personal experience over my years of web security testing. I'm open to discussing this ranking ;)

I'm also impressed to see how many of these coding bugs are specifically related to the web (or mostly associated with web applications). Web applications are becoming more popular every day (they already are), and with the rise of cloud computing they are going to become even more popular, including for intranet applications.

Documents like this help developers build more secure applications, and help application testers identify and document the bugs that make our days :) Enjoy reading!
