The MITRE teamed with SANS to compile a list of the top dangers in programming errors. These are holes that developers make which allow hackers to exploit the code. Let's look at some examples.
It is no surprise that SQL injection vectors from not checking input would be high on the list. Buffer overflows are also no big surprise. But have you thought about improper paths for directories specified by users? Who would have thunk it?
Here is a problem that I have seen in a peer's code: They hard code authentication info in the code. WTF? And here is one that I am sometimes guilty of. Putting too much sensitive info in an error message.
I think my next project is to demonstrate an example of one of these attack vectors.
Use the Requirements Already - I am working on a release at work. Initially we were supposed to replicate some bunch of database tables that the customer had in an old system. We did a ...