PHPDeveloper.org: Sameer Borate's Blog: Top 25 Most Dangerous Programming Errors

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

Recent Jobs

PHPMaster.com: Zend Job Queue

Rob Diana's Blog: Web And Scripting Programming Language Job Trends - August 2011

Job Posting: Options Consulting Solutions Seeks PHP Developer Team Lead (Toronto, Canada)

Job Posting: FireScope Seeks Experienced Web Application Developer/Manager (Dallas, TX)

Kevin Schroeder's Blog: Added (PHP 5.3) job queuing to my WordPress instance

Job Posting: Jacob Group (Recruiter) Seeks Director of Software Development (Lacrosse, WI)

Job Posting: Skillshare Seeks Senior Frontend Engineer (New York, NY)

Job Posting: SoftLayer Seeks Software Engineer - Interface Development (Dallas, Tx)

Job Posting: Company Confidential Seeks Senior PHP Developer (Montreal, Quebec, Canada)

Job Posting: SoftLayer Seeks Software Engineer - Systems Development (Dallas, Tx)

News Archive

Reddit.com: What non-PHP stuff should a PHP developer know?

Community News: The Changelog Podcast

Site News: Popular Posts for the Week of 02.10.2012

Leaseweb Labs Blog: Migration to Symfony2 continued

SitePoint.com: How to Create Your Own Random Number Generator in PHP

Refulz.com: The __toString() Method - Objects as Strings

PHPMaster.com: Using Traits in PHP 5.4

Site News: Blast from the Past - One Year Ago in PHP

Ibuildings techPortal: DPC Radio: Implementing OAuth

Artur Ejsmont's Blog: A few words on bugs and software quality

Sameer Borate's Blog:
Top 25 Most Dangerous Programming Errors

by Chris Cornutt July 31, 2009 @ 07:55:44

Sameer has posted about a list generated by CWE/SANS of what they consider to be the twenty-five most dangers errors you can commit in your application development (PHP related or not):

The document lists the most common and significant programming errors which can lead to serious software vulnerabilities. [...] The 25 vulnerabilities are divided into three main categories: Insecure Interaction Between Components, Risky Resource Management and Porous Defenses, details of which are listed below.

Some of the items in the list include:

Insecure Interaction Between Components - Failure to Preserve SQL Query Structure ('SQL Injection')
Risky Resource Management - External Control of Critical State Data
Porous Defenses - Execution with Unnecessary Privileges
Insecure Interaction Between Components - Cross-Site Request Forgery (CSRF)
Porous Defenses - Use of a Broken or Risky Cryptographic Algorithm

You can see the full list here, including explanations for each.

0 comments voice your opinion now!
programming error dangerous

Community Events

Don't see your event here?
Let us know!

All content copyright, 2012 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework