Top 25 Most Dangerous Programming Errors 2010

Whilst many people were looking at the Brit awards last night, a different top list has also been released. Instead of counting up the awards for artists, it was counting up the risk and impact of common development errors.

The top 5 include:

  • Cross site scripting
  • SQL Injection
  • Buffer overflow
  • Cross site request forgery
  • Improper access control

All of these issues have been known about and well understood for some time; however, developers are still regularly making mistakes in these and the other top 20 areas.

Knowledge of common security flaws still varies widely amongst developers, with some being highly skilled and knowledgeable about one or two specific weaknesses whilst being completely unaware of others. There are not many developers who are unaware of the risks of SQL injection; however, it still remains number 2 in the list, with many developers happily using un-sanitised data in database queries.

Every developer should look at the simple things that have the biggest impact on application security, as there is probably something there that any developer can learn. If you have the time, carry on to read the full list of the 25 most dangerous programming errors, learning what each one is, how to recognise it and how to prevent it.

February 17th 2010 Uncategorized
