The US Department of “Homeland” “Security” has helped line up a list of common programming errors for all of us to watch out for!
This is nice, but misleading in that it’s not really the US or a homeland that is affected by these lapses, is it? It’s yer normal Auntie Mavis or Joe the Plumber. They’re the ones particularly affected. And it’s not just the US either. It affects millions worldwide and is more of a personal security thing.
Of course, more organisations than the “homeland security” lot were involved – it’s just that certain news reports from some organisations tended to highlight it, so why shouldn’t I?
Anyway & whatever, the link is highly useful.
When you fire it up, navigate to an appropriate section and click the section title e.g.
CWE-20: Improper Input Validation
This will then take you to detailed descriptions with several coded examples in various languages, like C, Java and PHP.
It’s very good, actually. So I’m off to check right now… ;-)
The SANS description of the project along with various commentaries and links is here: Experts Announce Agreement on the 25 Most Dangerous Programming Errors – And How to Fix Them Agreement Will Change How Organizations Buy Software.