A friend of mine who is prone to the dark art of programming sent me a link to the CWE site that lists the Top 25 Most Dangerous Programming Errors. It is actually interesting even for web projects, even though all 25 are very unlikely to occur in a web project. Large-scale web projects whose back end interfaces with other systems could potentially hit a 25 of 25 score if all things that could be done the wrong way were done the wrong way.
The 25 errors are split into 3 categories:
- Insecure Interaction Between Components
- Risky Resource Management
- Porous Defenses
An interesting checklist to use when reviewing your favourite programmer's work... 😉