Twenty-four deadly sins of software security
McGraw-Hill's AccessEngineering.
SQL injection.
Web server-related vulnerabilities (XSS, XSRF, and response splitting).
Web client-related vulnerabilities (XSS).
Use of magic URLs, predictable cookies, and hidden form fields.
Buffer overruns.
Format string problems.
Integer overflows.
C++ catastrophes.
Catching exceptions.
Command injection.
Failure to handle errors correctly.
Information leakage.
Race conditions.
Poor usability.
Not updating easily.
Executing code with too much privilege.
Failure to protect stored data.
Sins of mobile code.
Use of weak password-based systems.
Weak random numbers.
Using the wrong cryptography.
Failing to protect network traffic.
Improper use of PKI, especially SSL.
Trusting network name resolution.