Just a quick note to share a useful resource with you. Just came across a good article “25 common programming errors” for software programmers and software testers. Basically this is more useful for programmers but I think software testers can get insight on how developers can unknowingly leave bugs in software programs.
Each bug listed in this resource can lead to serious software vulnerabilities if not fixed. The top 25 security bugs list will help programmers to avoid some common but serious coding mistakes. For software testers list will be useful as a security testing checklist for Internet as well as for testing desktop application.
Here are few top security vulnerabilities discussed in detail in this article:
- Improper input validation
- Improper escaping of output or encoding
- SQL injection
- Cross-site scripting
- Race conditions
- Information leak in error messages
- Error while transmitting sensitive information
- Memory leak
- External control of critical data and file paths
- Improper initialization
- Improper authorization
- Client side security checks
I think, the most common security vulnerability mistake developers make is “Client side enforcement of server side security”.
Check out below article so that you can at least help developers for improving their code standards ;-)