
Connected Systems Chilled Out Blog Hanging stuff together in a meaningful way with some fun added

Sourced from: CWE

This is a brief listing of the Top 25 items, using the general ranking.

NOTE: 16 other weaknesses were considered for inclusion in the Top 25, but their general scores were not high enough. They are listed in the "On the Cusp" focus profile.

| Rank | Score | ID | Name |
|------|-------|----|------|
| 1 | 346 | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 2 | 330 | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') |
| 3 | 273 | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
| 4 | 261 | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 5 | 219 | CWE-285 | Improper Access Control (Authorization) |
| 6 | 202 | CWE-807 | Reliance on Untrusted Inputs in a Security Decision |
| 7 | 197 | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| 8 | 194 | CWE-434 | Unrestricted Upload of File with Dangerous Type |
| 9 | 188 | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') |
| 10 | 188 | CWE-311 | Missing Encryption of Sensitive Data |
| 11 | 176 | CWE-798 | Use of Hard-coded Credentials |
| 12 | 158 | CWE-805 | Buffer Access with Incorrect Length Value |
| 13 | 157 | CWE-98 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion') |
| 14 | 156 | CWE-129 | Improper Validation of Array Index |
| 15 | 155 | CWE-754 | Improper Check for Unusual or Exceptional Conditions |
| 16 | 154 | CWE-209 | Information Exposure Through an Error Message |
| 17 | 154 | CWE-190 | Integer Overflow or Wraparound |
| 18 | 153 | CWE-131 | Incorrect Calculation of Buffer Size |
| 19 | 147 | CWE-306 | Missing Authentication for Critical Function |
| 20 | 146 | CWE-494 | Download of Code Without Integrity Check |
| 21 | 145 | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| 22 | 145 | CWE-770 | Allocation of Resources Without Limits or Throttling |
| 23 | 142 | CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') |
| 24 | 141 | CWE-327 | Use of a Broken or Risky Cryptographic Algorithm |
| 25 | 138 | CWE-362 | Race Condition |

Cross-site scripting and SQL injection are the 1-2 punch of security weaknesses in 2010. Even when a software package doesn't primarily run on the web, there's a good chance that it has a web-based management interface or HTML-based output formats that allow cross-site scripting. For data-rich software applications, SQL injection is the means to steal the keys to the kingdom. The classic buffer overflow comes in third, while more complex buffer overflow variants are sprinkled in the rest of the Top 25.

Posted on Wednesday, April 21, 2010 6:09 PM


Comments on this post: Top 25 security issues for developers of web sites

# re: Top 25 security issues for developers of web sites
As a developer I know about all these issues, and this blog is really good for the students who studied development, so we can assume them as a case study for the learners. Thanks for sharing your best skills, and australianwritings.com review is available to support this type of information. Thanks a lot for sharing.
Left by rashu on Jan 28, 2017 3:38 AM

# 8 weeks 6 days pregnant ultrasound
Hi admin,
This is Ayesha Saleem. I am also a developer and I am also facing mostly point number 20. 8 weeks 6 days pregnant ultrasound. Well, I am searching for some pregnancy blogs to develop a new website for a client and I landed on this page. Well, I just found it.
Left by ayesha on Mar 19, 2017 7:07 AM

# Issue number 25
Hi,
This is a very good blog and I just loved it. I also saved the blog on my desktop and hopefully will visit it again. Click me. Well, I am searching for some pregnancy blogs to get to know about mesothelioma.
Left by sami on Apr 18, 2017 11:55 AM

# Real Estate Agent
Searching for a new property to invest in but don't know where to invest? Larry Weltman the Real Estate Agent helps you to find the best property.
Left by kairi bandu on Oct 23, 2017 12:49 AM



Copyright © BizTalk Visionary | Powered by: GeeksWithBlogs.net