2010 CWE/SANS Top 25 Most Dangerous Programming Errors - Released

I love application security learning resources. The OWASP Top Ten project is one that I always direct people to, as well as numerous books on application security.

One resource I am not sure I have directed people to in the past is the CWE/SANS Top 25 Most Dangerous Programming Errors. This is a fantastically detailed list, and the website provides guidance to programmers, developers, and others of all levels. Since the new CWE/SANS Top 25 for 2010 was just released, I figured this is a great time to mention it.

From the website:

The Top 25 list is a tool for education and awareness to help programmers to prevent the kinds of vulnerabilities that plague the software industry, by identifying and avoiding all-too-common mistakes that occur before software is even shipped. Software customers can use the same list to help them to ask for more secure software.

The CWE/SANS Top 25 differs from the OWASP Top 10 by "cover[ing] a broader range of issues than what arise from the web-centric view of the OWASP Top Ten" (Ref.). This means the Top 25 list does not restrict itself to programming errors in web applications. I have learned a lot from looking at both sources.

You will see overlap between the OWASP Top 10 and the CWE/SANS Top 25, but DO NOT let that stop you from looking at both. Each will provide you with reinforcement of application security concepts.

Comments
Thanks man, nice resource.
# Posted By RyanTJ | 2/22/10 9:58 AM