Investigating SANS/CWE Top 25 Programming Errors

Contributed by Fred Williams

On January 12, 2009, experts from more than 30 cyber security organizations jointly released a consensus list of the top 25 most dangerous programming errors (http://www.sans.org/top25errors/). The list attempts to boil down the more than 700 possible causes of software security issues to the ones that are so prevalent and severe that no software should be released to customers without evidence that measures were taken to ensure it does not contain any of these errors. The Top 25 errors are further broken down into 3 categories: Insecure Interaction Between Components, which contains 9 errors; Risky Resource Management, which contains 9 errors; and Porous Defenses, which has the final 7 errors.

This document is in PDF format. To view it click here.
