Thursday, March 24, 2011

Top 25 Most Dangerous Software Errors

The top 25 most dangerous software errors are listed below:

1. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
2. Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
3. Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
4. Cross-Site Request Forgery (CSRF)
5. Improper Access Control (Authorization)
6. Reliance on Untrusted Inputs in a Security Decision
7. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
8. Unrestricted Upload of File with Dangerous Type
9. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
10. Missing Encryption of Sensitive Data
11. Use of Hard-coded Credentials
12. Buffer Access with Incorrect Length Value
13. Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')
14. Improper Validation of Array Index
15. Improper Check for Unusual or Exceptional Conditions
16. Information Exposure Through an Error Message
17. Integer Overflow or Wraparound
18. Incorrect Calculation of Buffer Size
19. Missing Authentication for Critical Function
20. Download of Code Without Integrity Check
21. Incorrect Permission Assignment for Critical Resource
22. Allocation of Resources Without Limits or Throttling
23. URL Redirection to Untrusted Site ('Open Redirect')
24. Use of a Broken or Risky Cryptographic Algorithm
25. Race Condition
