SANS TOP 25

SANS TOP 25 based on CWE

SANS TOP 25 Most Dangerous Software Errors is a list of the most common and dangerous software vulnerabilities. It is kept up by the SANS Institute, a well-known provider of cybersecurity training and certification. The Common Vulnerabilities and Exposures (CWE) catalogue, a dictionary of typical software weaknesses and vulnerabilities, provided the information used to create the list.

SANS TOP 25

The SANS TOP 25 is based on a variety of factors, including the prevalence of vulnerabilities in the real world, the severity of their impact, and the ease with which they can be exploited.

The SANS TOP 25 is updated annually to reflect the latest trends in the cybersecurity landscape. The current list for 2023 is as follows:

1. CWE-787 : Out-of-bounds Write.
2. CWE-79 : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’).
3. CWE-89 : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’).
4. CWE-416 : Use After Free.
5. CWE-78 : Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’).
6. CWE-20 : Improper Input Validation.
7. CWE-125 : Out-of-bounds Read.
8. CWE-22 : Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’).
9. CWE-352 : Cross-Site Request Forgery (CSRF).
10. CWE-434 : Unrestricted Upload of File with Dangerous Type.
11. CWE-862 : Missing Authorization.
12. CWE-476 : NULL Pointer Dereference.
13. CWE-287 : Improper Authentication.
14. CWE-190 : Integer Overflow or Wraparound.
15. CWE-502 : Deserialization of Untrusted Data.
16. CWE-77 : Improper Neutralization of Special Elements used in a Command (‘Command Injection’).
17. CWE-119 : Improper Restriction of Operations within the Bounds of a Memory Buffer.
18. CWE-798 : Use of Hard-coded Credentials.
19. CWE-918 : Server-Side Request Forgery (SSRF).
20. CWE-306 : Missing Authentication for Critical Function.
21. CWE-362 : Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’).
22. CWE-269 : Improper Privilege Management.
23. CWE-94 : Improper Control of Generation of Code (‘Code Injection’).
24. CWE-863 : Incorrect Authorization.
25. CWE-276 : Incorrect Default Permissions

By understanding and mitigating the SANS TOP 25 Most Dangerous Software Errors, organizations can significantly reduce their risk of being exploited by attackers.

#Cybersecurity Senselearner Technologies Pvt Ltd