Top 25 most dangerous programming errors

The paper “Top 25 Most Dangerous Programming Errors” is an interesting study of the families of programming errors that lead to security issues. The paper is based on input from a wide variety of security experts and is worth reading. The complete list of errors is at

From a T-SQL perspective, however, it seems off the mark, but the same group has a database of all the common weaknesses. Here is a list of common SQL-specific errors I was able to extract:

· Access Control Bypass Through User-Controlled SQL Primary Key

· Dangling Database Cursor (aka 'Cursor Injection')

· Failure to Preserve SQL Query Structure (aka 'SQL Injection')

· Failure to Sanitize Data within XQuery Expressions (aka 'XQuery Injection')

· SQL Injection: Hibernate

There are many errors that apply to SQL and other languages. Here is a list that I thought was most relevant to SQL development:

· Algorithmic Complexity

· Authentication Bypass by Alternate Name

· Client-Side Enforcement of Server-Side Security

· Discrepancy Information Leaks

· Error Handling

· Error Message Information Leak

· Failure to Encrypt Sensitive Data

· Failure to Handle Missing Value

· Improper Access Control (Authorization)

· Incorrect Ownership Assignment

· Incorrect Privilege Assignment

· Leftover Debug Code

· Not Using Password Aging

· Privacy Leak through Data Queries

· Unchecked Input for Loop Condition

· Use of Obsolete Functions