View-1200: Weaknesses in the 2019 CWE Top 25 Most Dangerous Software Errors

ID: 1200

Type: Graph

Status: Stable

Objective

CWE entries in this view are listed in the 2019 CWE Top 25 Most Dangerous Software Errors.

Audience

Software Developers

By following the Top 25, developers will be able to significantly reduce the number of weaknesses that occur in their software.

Software Customers

If a software developer claims to be following the Top 25, then customers can use the weaknesses in this view in order to formulate independent evidence of that claim.

Educators

Educators can use this view in multiple ways. For example, if there is a focus on teaching weaknesses, the educator could focus on the Top 25.

Membership

CWE-ID title
CWE-119 内存缓冲区边界内操作的限制不恰当
CWE-79 在Web页面生成时对输入的转义处理不恰当(跨站脚本)
CWE-20 输入验证不恰当
CWE-200 信息暴露
CWE-125 跨界内存读
CWE-89 SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
CWE-416 释放后使用
CWE-190 整数溢出或超界折返
CWE-352 跨站请求伪造(CSRF)
CWE-22 对路径名的限制不恰当(路径遍历)
CWE-78 OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
CWE-787 跨界内存写
CWE-287 认证机制不恰当
CWE-476 空指针解引用
CWE-732 关键资源的不正确权限授予
CWE-434 危险类型文件的不加限制上传
CWE-611 XML外部实体引用的不恰当限制(XXE)
CWE-94 对生成代码的控制不恰当(代码注入)
CWE-798 使用硬编码的凭证
CWE-400 未加控制的资源消耗(资源穷尽)
CWE-772 对已超过有效生命周期的资源丧失索引
CWE-426 不可信的搜索路径
CWE-502 可信数据的反序列化
CWE-269 特权管理不恰当
CWE-295 证书验证不恰当

引用

REF-1028 2019 CWE Top 25 Most Dangerous Software Errors