Top 25 most dangerous programming errors

The paper “Top 25 Most Dangerous Programming Errors” is an interesting study of the families of programming errors that lead to security issues. It is based on input from a wide variety of security experts and is worth reading in full, together with the complete list of errors it ranks.

From a T-SQL perspective, however, the Top 25 itself seems off the mark. The same group maintains a database of all the common weaknesses (the Common Weakness Enumeration, CWE), and these are the SQL-specific errors I was able to extract from it:

·         Access Control Bypass Through User-Controlled SQL Primary Key

·         Dangling Database Cursor (aka 'Cursor Injection')

·         Failure to Preserve SQL Query Structure (aka 'SQL Injection')

·         Failure to Sanitize Data within XQuery Expressions (aka 'XQuery Injection')

·         SQL Injection: Hibernate
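
As an added illustration (not code from the original post or from the CWE project), the T-SQL below shows a single SQL Server stored procedure that commits three of the weaknesses listed above, followed by a hardened rewrite. The table dbo.Orders, the two procedure names and the sample rows are constructed for the example.

```sql
-- Added example, not part of the original post. Schema, data and procedure
-- names are hypothetical.
CREATE TABLE dbo.Orders (
    OrderId    INT           NOT NULL PRIMARY KEY,
    CustomerId INT           NOT NULL,
    Notes      NVARCHAR(200) NULL
);
INSERT INTO dbo.Orders VALUES (1, 100, N'alice order'), (2, 200, N'bob order');
GO

-- VULNERABLE: three of the listed weaknesses in one procedure.
--  * 'SQL Injection': @OrderId is concatenated into the statement text.
--  * 'Access Control Bypass Through User-Controlled SQL Primary Key':
--    the row is selected by the caller-supplied key alone; @CustomerId is
--    never used to check that the order belongs to the caller.
--  * 'Dangling Database Cursor': order_cur is GLOBAL, and the early RETURN on
--    error skips CLOSE/DEALLOCATE, so the open cursor (and the rows it
--    selected) stays fetchable by whatever runs next in the same session.
CREATE PROCEDURE dbo.GetOrderNotes_Vulnerable
    @OrderId    NVARCHAR(20),   -- taken from the caller as free text
    @CustomerId INT             -- the caller's identity, ignored below
AS
BEGIN
    DECLARE order_cur CURSOR GLOBAL FOR
        SELECT Notes FROM dbo.Orders;          -- every customer's rows
    OPEN order_cur;

    DECLARE @sql NVARCHAR(MAX) =
        N'SELECT Notes FROM dbo.Orders WHERE OrderId = ' + @OrderId;
    EXEC (@sql);        -- @OrderId = N'2 OR 1=1' returns all rows;
                        -- @OrderId = N'x' raises a conversion error
    IF @@ERROR <> 0 RETURN;   -- leaves order_cur open and allocated

    CLOSE order_cur;
    DEALLOCATE order_cur;
END;
GO

-- HARDENED: typed parameter passed through sp_executesql, row filtered by
-- both the key and the authenticated customer, LOCAL cursor always released.
CREATE PROCEDURE dbo.GetOrderNotes_Hardened
    @OrderId    INT,
    @CustomerId INT
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE order_cur CURSOR LOCAL FAST_FORWARD FOR
        SELECT Notes FROM dbo.Orders WHERE CustomerId = @CustomerId;
    BEGIN TRY
        OPEN order_cur;
        -- Parameterised: the value can never change the query structure.
        EXEC sp_executesql
            N'SELECT Notes FROM dbo.Orders
              WHERE OrderId = @id AND CustomerId = @cust',
            N'@id INT, @cust INT',
            @id = @OrderId, @cust = @CustomerId;
        CLOSE order_cur;
        DEALLOCATE order_cur;
    END TRY
    BEGIN CATCH
        -- CURSOR_STATUS: >= 0 open, -1 closed but allocated, < -1 gone.
        IF CURSOR_STATUS('local', 'order_cur') >= 0  CLOSE order_cur;
        IF CURSOR_STATUS('local', 'order_cur') >= -1 DEALLOCATE order_cur;
        THROW;
    END CATCH;
END;
GO

-- Constructed calls. Customer 100 asks for order 2, which belongs to
-- customer 200: the vulnerable procedure returns every row, the hardened one
-- returns nothing.
EXEC dbo.GetOrderNotes_Vulnerable @OrderId = N'2 OR 1=1', @CustomerId = 100;
EXEC dbo.GetOrderNotes_Hardened   @OrderId = 2,           @CustomerId = 100;
```

The two fixes worth copying are the shape of the sp_executesql call (statement text, parameter declaration string, then the values, so the user input only ever arrives as a typed value) and the ownership predicate on CustomerId: a parameterised query is still an authorization bypass if it trusts the primary key the client sent.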


Many other errors apply to SQL as much as to other languages. Here are the ones I thought most relevant to SQL development:

·         Algorithmic Complexity

·         Authentication Bypass by Alternate Name

·         Client-Side Enforcement of Server-Side Security

·         Discrepancy Information Leaks

·         Error Handling

·         Error Message Information Leak

·         Failure to Encrypt Sensitive Data

·         Failure to Handle Missing Value

·         Improper Access Control (Authorization)

·         Incorrect Ownership Assignment

·         Incorrect Privilege Assignment

·         Leftover Debug Code

·         Not Using Password Aging

·         Privacy Leak through Data Queries

·         Unchecked Input for Loop Condition

·         Use of Obsolete Functions
