Eric Soto

easoto@iss-pr.com

Welcome! This is Eric Soto and I am a Mobile Software Engineer and technology leader specializing in mobile apps and APIs. As a certified Agile practitioner, I help businesses expand quickly into mobile and the internet so they can better reach a nationwide presence.

Top 25 Most Dangerous Software Errors

As a developer, I'm always careful that my code can't be exploited. However, as systems get more and more complex, and we use pieces of code or libraries from others, this task becomes more difficult.

In my quest to stay "up to date", I just ran across a very cool resource.

It's a list of the Top 25 Most Dangerous Software Errors. Though dated 2011, this is their "current link" on their website, so I'm thinking this is as up-to-date as this group has been able to make it.

Interestingly and not surprisingly, at the top of the list are SQL Injection vulnerabilities, which happen (among other ways) when inputs in fields (like a form field) are not correctly inspected prior to passing them to the SQL database. A clever hacker can add characters into the field that SQL would see as a command, giving the attacker an opportunity to run arbitrary instructions against your data! (Yikes.) This is a common error... and one I thought EVERY developer surely had learned to avoid. Apparently not!

By the way, SQL Injection attacks are super easy to prevent by simply validating input ALWAYS. There is no excuse for a system vulnerable to this!

Check out the full list at:

http://cwe.mitre.org/top25/index.html

