I just worked my way through the list SANS published. Looking at the list, it is not surprising but scary to see which errors made it to the top of the list:

  1. Cross-site Scripting
  2. SQL Injection
  3. Classic Buffer Overflow
  4. Cross-Site Request Forgery
  5. Improper Access Control

It shows, as we often say, that the attacks moved up the stack and that a lot of challenges are based on improperly written applications. So, if your organization is developing applications, you should start to implement a process like the Security Development Lifecycle. If you need information about this, look at our website: Microsoft Security Development Lifecycle

Roger