View-1200: Weaknesses in the 2019 CWE Top 25 Most Dangerous Software Errors

ID: 1200

Type: Graph

Status: Stable

Objective

CWE entries in this view are listed in the 2019 CWE Top 25 Most Dangerous Software Errors.

Audience

Software Developers

By following the Top 25, developers will be able to significantly reduce the number of weaknesses that occur in their software.

Software Customers

If a software developer claims to be following the Top 25, then customers can use the weaknesses in this view in order to formulate independent evidence of that claim.

Educators

Educators can use this view in multiple ways. For example, if there is a focus on teaching weaknesses, the educator could focus on the Top 25.

Membership

CWE-ID	title
CWE-119	内存缓冲区边界内操作的限制不恰当
CWE-79	在Web页面生成时对输入的转义处理不恰当（跨站脚本）
CWE-20	输入验证不恰当
CWE-200	信息暴露
CWE-125	跨界内存读
CWE-89	SQL命令中使用的特殊元素转义处理不恰当（SQL注入）
CWE-416	释放后使用
CWE-190	整数溢出或超界折返
CWE-352	跨站请求伪造（CSRF）
CWE-22	对路径名的限制不恰当（路径遍历）
CWE-78	OS命令中使用的特殊元素转义处理不恰当（OS命令注入）
CWE-787	跨界内存写
CWE-287	认证机制不恰当
CWE-476	空指针解引用
CWE-732	关键资源的不正确权限授予
CWE-434	危险类型文件的不加限制上传
CWE-611	XML外部实体引用的不恰当限制（XXE）
CWE-94	对生成代码的控制不恰当（代码注入）
CWE-798	使用硬编码的凭证
CWE-400	未加控制的资源消耗（资源穷尽）
CWE-772	对已超过有效生命周期的资源丧失索引
CWE-426	不可信的搜索路径
CWE-502	可信数据的反序列化
CWE-269	特权管理不恰当
CWE-295	证书验证不恰当

引用

REF-1028 2019 CWE Top 25 Most Dangerous Software Errors