by Mark Shiffer
22. April 2010 21:42
Courtesy of the Common Weakness Enumeration site described below:
International in scope and free for public use, CWE™ provides a unified, measurable set of software weaknesses that is enabling more effective discussion, description, selection, and use of software security tools and services that can find these weaknesses in source code and operational systems as well as better understanding and management of software weaknesses related to architecture and design.
This is a brief listing of the Top 25 items, using the general ranking.
NOTE: 16 other weaknesses were considered for inclusion in the Top 25, but their general scores were not high enough. They are listed in the On the Cusp focus profile.
| Rank | Score | ID | Name |
|------|-------|----|------|
| [1] | 346 | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| [2] | 330 | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') |
| [3] | 273 | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
| [4] | 261 | CWE-352 | Cross-Site Request Forgery (CSRF) |
| [5] | 219 | CWE-285 | Improper Access Control (Authorization) |
| [6] | 202 | CWE-807 | Reliance on Untrusted Inputs in a Security Decision |
| [7] | 197 | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| [8] | 194 | CWE-434 | Unrestricted Upload of File with Dangerous Type |
| [9] | 188 | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') |
| [10] | 188 | CWE-311 | Missing Encryption of Sensitive Data |
| [11] | 176 | CWE-798 | Use of Hard-coded Credentials |
| [12] | 158 | CWE-805 | Buffer Access with Incorrect Length Value |
| [13] | 157 | CWE-98 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion') |
| [14] | 156 | CWE-129 | Improper Validation of Array Index |
| [15] | 155 | CWE-754 | Improper Check for Unusual or Exceptional Conditions |
| [16] | 154 | CWE-209 | Information Exposure Through an Error Message |
| [17] | 154 | CWE-190 | Integer Overflow or Wraparound |
| [18] | 153 | CWE-131 | Incorrect Calculation of Buffer Size |
| [19] | 147 | CWE-306 | Missing Authentication for Critical Function |
| [20] | 146 | CWE-494 | Download of Code Without Integrity Check |
| [21] | 145 | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| [22] | 145 | CWE-770 | Allocation of Resources Without Limits or Throttling |
| [23] | 142 | CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') |
| [24] | 141 | CWE-327 | Use of a Broken or Risky Cryptographic Algorithm |
| [25] | 138 | CWE-362 | Race Condition |
Cross-site scripting and SQL injection are the 1-2 punch of security weaknesses in 2010. Even when a software package doesn't primarily run on the web, there's a good chance that it has a web-based management interface or HTML-based output formats that allow cross-site scripting. For data-rich software applications, SQL injection is the means to steal the keys to the kingdom. The classic buffer overflow comes in third, while more complex buffer overflow variants are sprinkled in the rest of the Top 25.