2010 CWE/SANS Top 25 Most Dangerous Programming Errors - Released

I love application security learning resources. The OWASP Top Ten project is one that I always direct people to, as well as numerous books on application security.

One resource I am not sure I have directed people to in the past is the CWE/SANS Top 25 Most Dangerous Programming Errors. This is a fantastically detailed list, and the website provides guidance to programmers, developers, and others of all levels. Since the new CWE/SANS Top 25 for 2010 was just released, I figured this is a great time to mention it.

From the website:

The Top 25 list is a tool for education and awareness to help programmers to prevent the kinds of vulnerabilities that plague the software industry, by identifying and avoiding all-too-common mistakes that occur before software is even shipped. Software customers can use the same list to help them to ask for more secure software.

The CWE/SANS Top 25 differs from the OWASP Top 10 by "cover[ing] a broader range of issues than what arise from the web-centric view of the OWASP Top Ten" (Ref.), meaning that the Top 25 list does not restrict itself to programming errors in web applications. I have learned a lot from looking at both sources.

You will see overlap between the OWASP Top 10 and the CWE/SANS Top 25, but DO NOT let that stop you from looking at both. Each will provide you with reinforcement of application security concepts.

Thanks man, nice resource.
# Posted By RyanTJ | 2/22/10 9:58 AM