MITRE, through its Common Weakness Enumeration (CWE) effort and in conjunction with SANS, just published the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors. Heading the list are:
- Cross-site Scripting (Score = 346)
- SQL Injection (330)
- Classic Buffer Overflow (273)
- Cross-Site Request Forgery (261)
- Improper Access Control (219)
For each weakness, the report provides a Description, Prevention and Mitigation techniques, and links to more reference material. It is well worth reading.