CWE/SANS TOP 25 Most Dangerous Programming Errors

The 2009 edition of the CWE/SANS Top 25 Most Dangerous Programming Errors is listed below, ranked with the CWE identifier of each weakness.
Rank  Item
  1   CWE-20:  Improper Input Validation
  2   CWE-116: Improper Encoding or Escaping of Output
  3   CWE-89:  Failure to Preserve SQL Query Structure (aka 'SQL Injection')
  4   Cross-site scripting
  5   CWE-78:  Failure to Preserve OS Command Structure (aka 'OS Command Injection')
  6   CWE-319: Cleartext Transmission of Sensitive Information
  8   CWE-362: Race Condition
  9   CWE-209: Error Message Information Leak
 10   CWE-119: Failure to Constrain Operations within the Bounds of a Memory Buffer
 11   CWE-642: External Control of Critical State Data
 12   CWE-73:  External Control of File Name or Path
 13   CWE-426: Untrusted Search Path
 14   CWE-94:  Failure to Control Generation of Code (aka 'Code Injection')
 15   CWE-494: Download of Code Without Integrity Check
 16   CWE-404: Improper Resource Shutdown or Release
 17   CWE-665: Improper Initialization
 18   CWE-682: Incorrect Calculation
 19   CWE-285: Improper Access Control (Authorization)
 20   CWE-327: Use of a Broken or Risky Cryptographic Algorithm
 21   CWE-259: Hard-Coded Password
 22   CWE-732: Insecure Permission Assignment for Critical Resource
 23   CWE-330: Use of Insufficiently Random Values
 24   CWE-250: Execution with Unnecessary Privileges
 25   CWE-602: Client-Side Enforcement of Server-Side Security