The MITRE teamed with SANS to compile a list of the top dangers in programming errors. These are holes that developers make which allow hackers to exploit the code. Let's look at some examples.
It is no surprise that SQL injection vectors from not checking input would be high on the list. Buffer overflows are also no big surprise. But have you thought about improper paths for directories specified by users? Who would have thunk it?
Here is a problem that I have seen in a peer's code: They hard code authentication info in the code. WTF? And here is one that I am sometimes guilty of. Putting too much sensitive info in an error message.
I think my next project is to demonstrate an example of one of these attack vectors.
You're Doing It Wrong - I got on a conference call for our latest software release. The new project manager asked the test team to verify a bunch of tickets. A bunch came out fai...