20 critical vulnerabilities in the program

I think the biggest mistake is between the chair and the keyboard, but if you disassemble more than “did not notice” and assume that novices are not completely aware of critical errors that can cause serious consequences such as data loss, calling a foreign code, unavailability of service or data theft, the black list is organized as follows:

1. Invalid data entry validation
2. Incorrect encoding or lack of processing output data
3. SQL injection
4. Cross-site scripting
5. Unlimited Console Access (OS Injection)
6. Transmission of personal data on a low-security channel
7. Cross-site request as a fake internal request
8. Competition threads using one resource and incorrect closure of its use
9. Too informative error content
10. Out of the program pointer beyond the allocated memory
11. External management of internal variables and file paths
12. Generated code and its potential injection
13. Auto update program received code without confirming the source
14. Dirty initialization - previous initialization data is available.
15. Mathematics with limited numbers
16. Unreliable authentication and hard-coded passwords
17. Using a compromised or cracked cryptography algorithm
18. Elevated version
19. Using insufficient random numbers
20. Validation on the client side but not on the server side

Based on " Top 25 most dangerous programming errors " Original article