Top25

The 2010 CWE/SANS Top 25 Most Dangerous Software Errors is a list of the most widespread and critical programming errors that can lead to serious software vulnerabilities. They are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.

The List

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.


Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.


Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.


Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.


Improper Access Control (Authorization)

The software does not perform or incorrectly performs access control checks across all potential execution paths.


Reliance on Untrusted Inputs in a Security Decision

The application uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.


Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.


Unrestricted Upload of File with Dangerous Type

The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.


Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.


Missing Encryption of Sensitive Data

The software does not encrypt sensitive or critical information before storage or transmission.


Use of Hard-coded Credentials

The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.


Buffer Access with Incorrect Length Value

The software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer.


Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.


Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.


Improper Check for Unusual or Exceptional Conditions

The software does not check or improperly checks for unusual or exceptional conditions that are not expected to occur frequently during day-to-day operation of the software.


Information Exposure Through an Error Message

The software generates an error message that includes sensitive information about its environment, users, or associated data.


Integer Overflow or Wraparound

The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.


Incorrect Calculation of Buffer Size

The software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.


Missing Authentication for Critical Function

The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.


Incorrect Permission Assignment for Critical Resource

The software specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.


Allocation of Resources Without Limits or Throttling

The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on how many resources can be allocated, in violation of the intended security policy for that actor.


URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.


Use of a Broken or Risky Cryptographic Algorithm

The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the disclosure of sensitive information.


Race Condition

The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.


Monster Mitigation Matrix

The following table maps CWEs to the recommended monster mitigations, along with a brief summary of the mitigation's effectiveness.

Effectiveness ratings include:

  • High: The mitigation has well-known, well-understood strengths and limitations; there is good coverage with respect to variations of the weakness.
  • Moderate: The mitigation will prevent the weakness in multiple forms, but it does not have complete coverage of the weakness.
  • Limited: The mitigation may be useful in limited circumstances, only be applicable to a subset of this weakness type, require extensive training/customization, or give limited visibility.
  • Defense in Depth (DiD): The mitigation may not necessarily prevent the weakness, but it may help to minimize the potential impact when an attacker exploits the weakness.

Within the matrix, the following mitigations are identified:

  • M1: Establish and maintain control over all of your inputs.
  • M2: Establish and maintain control over all of your outputs.
  • M3: Lock down your environment.
  • M4: Assume that external components can be subverted, and your code can be read by anyone.
  • M5: Use industry-accepted security features instead of inventing your own.


M1 M2 M3 M4 M5 CWE
High DiD Mod Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Mod High DiD Ltd Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Mod High Ltd Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Mod High DiD Ltd Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Mod DiD Ltd Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')
Mod DiD Ltd Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
High DiD Ltd Improper Validation of Array Index
Mod DiD Ltd Incorrect Calculation of Buffer Size
Mod DiD Ltd Integer Overflow or Wraparound
Ltd High DiD Mod Information Exposure Through an Error Message
DiD Mod Mod Improper Access Control (Authorization)
Mod Mod Missing Authentication for Critical Function
DiD Missing Encryption of Sensitive Data
High Use of a Broken or Risky Cryptographic Algorithm
Ltd Cross-Site Request Forgery (CSRF)
DiD Race Condition
Mod DiD Mod Unrestricted Upload of File with Dangerous Type
DiD Download of Code Without Integrity Check
Mod Mod Ltd URL Redirection to Untrusted Site ('Open Redirect')
Ltd DiD Mod Incorrect Permission Assignment for Critical Resource
Mod Ltd DiD Improper Check for Unusual or Exceptional Conditions
Ltd DiD Ltd Allocation of Resources Without Limits or Throttling
DiD High Mod Use of Hard-coded Credentials
Mod DiD Ltd Buffer Access with Incorrect Length Value
Mod DiD Mod Mod Reliance on Untrusted Inputs in a Security Decision