CWE Top 25 Most Dangerous Software Weaknesses – 2020

Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
CWE-787 Out-of-bounds Write
CWE-20 Improper Input Validation
CWE-125 Out-of-bounds Read
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-89 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-416 Use After Free
CWE-352 Cross-Site Request Forgery (CSRF)
CWE-78 Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
CWE-190 Integer Overflow or Wraparound
CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
CWE-476 NULL Pointer Dereference
CWE-287 Improper Authentication
CWE-434 Unrestricted Upload of File with Dangerous Type
CWE-732 Incorrect Permission Assignment for Critical Resource
CWE-94 Improper Control of Generation of Code (‘Code Injection’)
CWE-522 Insufficiently Protected Credentials
CWE-611 Improper Restriction of XML External Entity Reference
CWE-798 Use of Hard-coded Credentials
CWE-502 Deserialization of Untrusted Data
CWE-269 Improper Privilege Management
CWE-400 Uncontrolled Resource Consumption
CWE-306 Missing Authentication for Critical Function
CWE-862 Missing Authorization