MITRE AND THE SANS INSTITUTE have released their 2011 list of the top 25 most dangerous software errors.
The coding errors were ranked by how readily they let an attacker take over a system, steal data, or crash the software so that it stops working altogether.
The weaknesses are divided into three categories: insecure interaction between components, risky resource management, and porous defences. There are six errors in the first category, eight in the second, and 11 in the third.
The insecure interactions include SQL injection, which was used by the hacker group Lulzsec, OS command injection, cross-site scripting, unrestricted upload of dangerous file types, cross-site request forgery and open URL redirects to untrusted web sites.
The risky resource management issues include the classic buffer overflow, path traversal, downloading code without an integrity check, inclusion of functionality from an untrusted control sphere, use of potentially dangerous functions, incorrect calculation of buffer size, uncontrolled format strings, and integer overflow or wraparound.
The porous defences include missing authentication for critical functions, missing authorisation, use of hard-coded credentials, missing encryption of sensitive data, reliance on untrusted inputs in security decisions, execution with unnecessary privileges, incorrect authorisation, incorrect permission assignment for a critical resource, use of a broken or risky cryptographic algorithm, improper restriction of excessive authentication attempts, and use of a one-way hash without a salt.
Of all 25 weaknesses, SQL injection unsurprisingly topped the list. It is a relatively simple attack: a web application pastes attacker-supplied input straight into the text of a database query, so characters such as quotes and comment markers in that input change the structure of the query and let the attacker read, alter or delete data in the backend database. OS command injection, which works the same way but against a shell command line, ranked second, while the classic buffer overflow came in third.
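The mechanism described above, shown as an added example that is not part of the article or of the MITRE/SANS list: a login check built by string concatenation beside the parameterised version that closes the hole. The `users` table, its two rows, the `login_vulnerable` and `login_fixed` function names and the injection payloads are all constructed here for illustration, using only Python's bundled sqlite3 module.

```python
"""SQL injection (CWE-89): a string-built query beside its parameterised fix.

Added example, not code from the article or from MITRE/SANS. The users
table, its rows and the function names are constructed for illustration.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample database: one users table with two accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse", "admin"), ("bob", "hunter2", "user")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Vulnerable on purpose: user-controlled strings are pasted into the SQL
    text, so a quote inside them ends the string literal and whatever follows
    is parsed as SQL rather than compared as data."""
    query = (
        "SELECT username, role FROM users WHERE username = '"
        + username
        + "' AND password = '"
        + password
        + "'"
    )
    return conn.execute(query).fetchone()


def login_fixed(conn: sqlite3.Connection, username: str, password: str):
    """Parameterised query: the statement text is fixed and the values travel
    separately as bound parameters, so input can only ever be compared as
    data. Hand-escaping quotes is not an equivalent fix."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()


def demo() -> dict:
    """Run a legitimate login and two classic payloads against both versions.

    Against the vulnerable version the password payload turns the WHERE
    clause into  username = 'alice' AND password = '' OR '1'='1', whose OR
    branch is always true, and the username payload comments out the password
    check entirely.  Both return alice's admin row without her password.
    """
    conn = make_db()
    tautology = "' OR '1'='1"   # closes the literal, appends an always-true clause
    comment_out = "alice'--"    # closes the literal, comments out the rest of the query
    return {
        "legit_vulnerable": login_vulnerable(conn, "bob", "hunter2"),
        "tautology_vulnerable": login_vulnerable(conn, "alice", tautology),
        "comment_vulnerable": login_vulnerable(conn, comment_out, "wrong"),
        "legit_fixed": login_fixed(conn, "bob", "hunter2"),
        "tautology_fixed": login_fixed(conn, "alice", tautology),
        "comment_fixed": login_fixed(conn, comment_out, "wrong"),
    }


if __name__ == "__main__":
    for name, row in demo().items():
        print(f"{name:22s} -> {row}")
```

Both payloads log in as the admin account through `login_vulnerable` and return no row through `login_fixed`; the only difference between the two functions is whether the input is part of the query text or a bound parameter, which is exactly the distinction the CWE entry turns on.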
The compilation of the list employed MITRE's Common Weakness Enumeration data, which covers over 800 potentially exploitable software errors, and the SANS Institute's top 20 attack vectors list, along with information supplied by security researchers in the US and Europe.