List of SANS TOP 25

The SANS Institute periodically publishes a list of the "SANS Top 25 Most Dangerous Software Errors," which highlights common programming errors and weaknesses that can lead to security vulnerabilities. These errors are categorized based on their impact and prevalence. Here is a list of the SANS Top 25 software errors, grouped by category:

Insecure Interaction Between Components:

  1. Improper Input Validation
  2. Improper Encoding or Escaping of Output
  3. Failure to Preserve Web Page Structure ('Cross-Site Scripting' or 'XSS')
  4. Cleartext Transmission of Sensitive Information
  5. Cross-Site Request Forgery (CSRF)
  6. Broken Authentication and Session Management

Risky Resource Management:

  1. Injection (e.g., SQL Injection, OS Command Injection)
  2. Insecure Direct Object References (IDOR)
  3. Broken Access Control (e.g., Missing Function-Level Access Control)
  4. Security Misconfiguration
  5. XML External Entity (XXE) Processing
  6. Broken Authentication and Session Management

Porous Defenses:

  1. Improper Error Handling
  2. Insecure Deployment Configurations
  3. Using Components with Known Vulnerabilities
  4. Insufficient Logging and Monitoring

Faulty Cryptography:

  1. Insecure Cryptographic Storage
  2. Insecure Cryptographic Transport
  3. Use of Weak Cryptography

Code Quality Issues:

  1. Improper Validation of Array Index
  2. Integer Overflow or Wraparound
  3. Use of a Broken or Risky Cryptographic Algorithm
  4. Use of Insufficiently Random Values
  5. Execution with Unnecessary Privileges
  6. Download of Code Without Integrity Check

Each of these software errors represents a specific type of vulnerability or weakness that, if not properly addressed during the software development process, can lead to security breaches. It's important for developers and organizations to be aware of these common pitfalls and take measures to prevent and mitigate them to enhance the security of their software systems. Note that the specific rankings and details of the SANS Top 25 may change over time as new threats and vulnerabilities emerge. For the most up-to-date information, it's recommended to visit the official SANS Institute website.
