Top 25 Software Errors | SANS Institute
CWE TOP 25 Most Dangerous Software Errors
What Errors Are Included in the Top 25 Software Errors?
Click the CWE ID of any entry in the listing below and you will be taken to the matching entry on the MITRE CWE site, which provides:
- the ranking of each Top 25 entry,
- links to the full CWE entry data,
- data fields for weakness prevalence and consequences,
- remediation cost,
- ease of detection,
- code examples,
- detection methods,
- attack frequency and attacker awareness,
- related CWE entries, and
- related patterns of attack for this weakness.
Each entry at the Top 25 Software Errors site also includes fairly extensive prevention and remediation steps that developers can take to mitigate or eliminate the weakness.
- The New 25 Most Dangerous Programming Errors
- The Scoring System
- The Risk Management System
The CWE Top 25
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
- CWE-20: Improper Input Validation
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CWE-352: Cross-Site Request Forgery (CSRF)
- CWE-434: Unrestricted Upload of File with Dangerous Type
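Three of the weaknesses in the list above (SQL injection, OS command injection and path traversal) share one root cause: untrusted input is spliced into a string that something else then parses. The following is an added example, not code from the SANS or MITRE pages, showing each as a vulnerable function beside its hardened form. It uses only the Python standard library; the user table, the `echo` command standing in for a real program, the hostname allowlist and the `/srv/app/public` document root are all constructed for the example.

```python
"""Added example (not from the SANS or MITRE pages): three CWE Top 25
weaknesses, each as a vulnerable function beside its hardened form.
All sample data, the `echo` stand-in command and the base directory
are constructed assumptions for illustration."""
import re
import sqlite3
import subprocess
from pathlib import Path

# --- CWE-89: SQL injection ---------------------------------------------
def make_db():
    """In-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn

def roles_vulnerable(conn, name):
    # Attacker-controlled text becomes part of the SQL statement itself.
    sql = "SELECT role FROM users WHERE name = '" + name + "'"
    return sorted(r[0] for r in conn.execute(sql))

def roles_safe(conn, name):
    # Bound parameter: the value is sent as data and never parsed as SQL.
    sql = "SELECT role FROM users WHERE name = ?"
    return sorted(r[0] for r in conn.execute(sql, (name,)))

# --- CWE-78: OS command injection --------------------------------------
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")  # assumed allowlist

def echo_vulnerable(arg):
    # shell=True hands the concatenated string to /bin/sh, so ';' starts
    # a second command chosen by whoever controls `arg`.
    return subprocess.run("echo " + arg, shell=True,
                          capture_output=True, text=True).stdout

def echo_safe(arg):
    # Allowlist the input, then pass it as one argv element with no shell.
    if not HOSTNAME_RE.match(arg):
        raise ValueError("rejected argument: " + repr(arg))
    return subprocess.run(["echo", arg],
                          capture_output=True, text=True).stdout

# --- CWE-22: path traversal --------------------------------------------
BASE = Path("/srv/app/public")  # hypothetical document root

def resolve_vulnerable(user_path):
    # Plain join: '..' segments (or an absolute user_path, which makes
    # pathlib discard BASE entirely) walk out of the document root.
    return (BASE / user_path).resolve()

def resolve_safe(user_path):
    # Canonicalise first, then check containment on the resolved path so
    # '..' and absolute paths are caught after normalisation, not before.
    base = BASE.resolve()
    target = (base / user_path).resolve()
    if target != base and base not in target.parents:
        raise ValueError("path escapes base directory: " + user_path)
    return target
```

The safe variants share a pattern: the untrusted value never reaches a parser as part of its grammar. SQL gets it as a bound parameter, the OS gets it as a single argv entry after an allowlist check, and the filesystem check is done on the canonical path rather than on the raw string, which is what defeats `..` tricks and absolute-path overrides.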