19 Deadly Sins

About 95 percent of software security bugs come from 19 "common, well-understood" programming mistakes, known as the 19 Deadly Sins of Software Security. They are the following:

  1. Buffer Overruns
  2. Format String Problems
  3. Integer Overflows
  4. SQL Injection
  5. Command Injection
  6. Failing to Handle Errors
  7. Cross-Site Scripting
  8. Failing to Protect Network Traffic
  9. Use of Magic URLs and Hidden Form Fields
  10. Improper Use of SSL and TLS
  11. Use of Weak Password-Based Systems
  12. Failing to Store and Protect Data Securely
  13. Information Leakage
  14. Improper File Access
  15. Trusting Network Name Resolution
  16. Race Conditions
  17. Unauthenticated Key Exchange
  18. Cryptographically Strong Random Numbers
  19. Poor Usability