Here’s an interesting read if you work in or with a team that’s responsible for building public-facing systems. It’s a collection of the top 25 programming errors that have been responsible for most of the major security breaches and system outages over the last few years. Some of them are pretty well known, some a bit more exotic, but it’s always a good idea to make sure you’re aware of the risks you’re facing and familiarise yourself with them.
Here are the top 3, which I’m sure most people are familiar with:
- Failure to Preserve Web Page Structure (‘Cross-site Scripting’)
- Improper Sanitization of Special Elements used in an SQL Command (‘SQL Injection’)
- Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)
Get the whole list here: Top 25 Most Dangerous Programming Errors
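To make the first two entries concrete, here is an added example (my own code, not taken from the list or from anyone else’s project): a login query built by string formatting beside its parameterised version, and a comment rendered into HTML raw beside an escaped one. The in-memory `users` table, the hypothetical `login_*` and `render_*` functions and the attacker inputs are all constructed for the demonstration; the third entry, the classic buffer overflow, is a native-code problem and is not shown here.

```python
import html
import sqlite3


def make_db():
    """Build a constructed in-memory users table for the demo.

    Passwords are stored in clear text only to keep the example short;
    a real system would store a salted hash.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users (name, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, name, password):
    """SQL Injection: user input is spliced straight into the SQL text.

    With name = "alice' --" the statement becomes
        SELECT id FROM users WHERE name = 'alice' --' AND password = ''
    and everything after -- is a comment, so the password check vanishes.
    """
    sql = f"SELECT id FROM users WHERE name = '{name}' AND password = '{password}'"
    return conn.execute(sql).fetchall()


def login_safe(conn, name, password):
    """Fixed version: placeholders keep the input as data, never as SQL."""
    sql = "SELECT id FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchall()


def render_comment_vulnerable(comment):
    """Cross-site Scripting: untrusted text is written into the page as-is,
    so a comment containing <script> changes the page structure."""
    return f"<p>{comment}</p>"


def render_comment_safe(comment):
    """Fixed version: HTML-escape the text so it is displayed, not executed."""
    return f"<p>{html.escape(comment)}</p>"


if __name__ == "__main__":
    db = make_db()
    attacker_name = "alice' --"  # constructed attacker input
    print("vulnerable login:", login_vulnerable(db, attacker_name, ""))  # logs in as alice
    print("safe login:      ", login_safe(db, attacker_name, ""))        # no such user
    print("honest login:    ", login_safe(db, "alice", "s3cret"))

    payload = "<script>alert(1)</script>"  # constructed attacker input
    print(render_comment_vulnerable(payload))
    print(render_comment_safe(payload))
```

Run it and you get the whole point of the list in a few lines of output: the same attacker string bypasses the password check in the vulnerable query and simply finds no matching user in the parameterised one, and the same `<script>` tag survives the raw renderer but comes out as inert `&lt;script&gt;` from the escaped one.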
What I like about the list is that there’s a plain English description after each vulnerability (further down in the document), which you can use when explaining to non-programmers what the risk is all about. So next time your website gets hacked, you can use this to explain to your CEO exactly how it happened.
On a side note: My mate Noah maintains that the single Most Dangerous Programming Error was demonstrated to us by James Cameron in the Terminator series: giving complete control to machines results in disastrous consequences, which include them ruling the world and going back in time to kill your mother. I have a plan for that though; if we take down the satellites they won’t have access to internet satellite services and therefore will get lost as soon as they’re out of Bluetooth range of each other. Reckon that will work?