Time and again the problems that face security types are avoidable. Namely, coding by 1001 monkeys. I have seen a lot of code in my time and the overwhelming impression that I have gained in that time is that coders are fundamentally lazy. Formatting errors, buffers not terminated, et cetera. Now the folks over at Securityfocus have a nice piece that addresses the top five most common errors in web application development. The attacks as explained are:
1. Remote code execution
2. SQL injection
3. Format string vulnerabilities
4. Cross Site Scripting (XSS)
5. Username enumeration
Worth a read.
[tags]Vulnerabilities, Coding[/tags]