The SANS Institute released a report on the top 25 most dangerous programming errors in the industry on January 12th, 2009. Items such as SQL injection, cross-site scripting and input validation problems top the list. The issue the report raises isn’t so much the errors themselves as the education of programmers and software engineers, who need to be aware of these problems and include testing to find them. Most programmers coming out of college today aren’t specifically taught what is considered a bad programming error. Becoming familiar with the list and learning more about the errors you don’t understand will make you a better and safer programmer.
This isn’t a static list – it can and will be updated periodically.