The SANS Institute has published a list of the 25 most dangerous programming errors - and how to fix them. See CWE/SANS TOP 25 Most Dangerous Programming Errors
. Two of the errors accounted for 1.5 million breaches during 2008, so it is important for programmers to thoroughly study this relatively short list so that they don't have to mop up the mess later on.
SQL injection, cross-site scripting and input validation are well known in programming and usually mitigated appropriately, but others are more subtle and may only be experienced as denials of service or as exploitations of error conditions.
Look at the list, think hard, set some proper analysis time aside. It could save you a lot of embarrassment in the future.
It's quiet in here...Add your comment