The Most Dangerous Programming Mistakes

snydeq writes "Fatal Exception's Neil McAllister discusses the most dangerous programming mistakes, and what can be done to avoid them. 'Even more than input validation errors, this year's list is rife with application security blunders of all kinds. Some of them sound fairly esoteric, such as "inclusion of functionality from untrusted control sphere." But of all such errors, the highest-ranking one on the list is "missing authentication for critical function" — in other words, the attacker was able to gain access because there was no lock on the door to begin with,' McAllister writes. 'With the pace of Internet attacks accelerating, now is not the time to cut QA staff or skimp on testing and code review.'"

Re:Better link

[frinkster]

If you'd like to read what the mistakes *are*, instead of a fluff piece that amounts to "oh, they're so awful! And people make them all the time, too!", here's the actual original article: http://cwe.mitre.org/top25/index.html

Is one of the mistakes "Not being able to click on a link"? I would check myself, but I can't click on the link.

Headline reveals slashdot philosophy?

[damn_registrars]

it's-probably-fine,-we'll-test-it-live

Could describe every "upgrade" to slashdot that has happened since ... well probably ever.