Hands-On Web Penetration Testing with Metasploit

SANS TOP 25

The SANS Top 25 list is a collaboration between the SANS Institute, MITRE, and many top software security experts in the US and Europe. It consists of the following vulnerabilities:

  • Improper neutralization of special elements used in a SQL command ('SQL injection')
  • Improper neutralization of special elements used in an OS command ('OS command injection')
  • Buffer copy without checking the size of the input ('classic buffer overflow')
  • Improper neutralization of input during web page generation ('cross-site scripting')
  • Missing authentication for a critical function
  • Missing authorization
  • Use of hardcoded credentials
  • Missing encryption of sensitive data
  • Unrestricted upload of a file of a dangerous type
  • Reliance on untrusted inputs in a security decision
  • Execution with unnecessary privileges
  • Cross-site request forgery (CSRF)
  • Improper limitation of a pathname to a restricted directory ('path traversal')
  • Download of code without an integrity check
  • Incorrect authorization
  • Inclusion of functionality from an untrusted control sphere
  • Incorrect permission assignment for a critical resource
  • Use of a potentially dangerous function
  • Use of a broken or risky cryptographic algorithm
  • Incorrect calculation of buffer size
  • Improper restriction of excessive authentication attempts
  • URL redirection to an untrusted site ('open redirect')
  • Uncontrolled format string
  • Integer overflow or wraparound
  • Use of a one-way hash without a salt

We will cover some of these vulnerabilities in detail in later chapters of this book.