CWE Top 25 Most Dangerous Software Weaknesses – 2020

Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
CWE-787 Out-of-bounds Write
CWE-20 Improper Input Validation
CWE-125 Out-of-bounds Read
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-89 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-416 Use After Free
CWE-352 Cross-Site Request Forgery (CSRF)
CWE-78 Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
CWE-190 Integer Overflow or Wraparound
CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
CWE-476 NULL Pointer Dereference
CWE-287 Improper Authentication
CWE-434 Unrestricted Upload of File with Dangerous Type
CWE-732 Incorrect Permission Assignment for Critical Resource
CWE-94 Improper Control of Generation of Code (‘Code Injection’)
CWE-522 Insufficiently Protected Credentials
CWE-611 Improper Restriction of XML External Entity Reference
CWE-798 Use of Hard-coded Credentials
CWE-502 Deserialization of Untrusted Data
CWE-269 Improper Privilege Management
CWE-400 Uncontrolled Resource Consumption
CWE-306 Missing Authentication for Critical Function
CWE-862 Missing Authorization