Top 25 Most Dangerous Software Errors and Mitigations - CWE


The Top 25 Most Dangerous Software Errors, usually called the CWE (Common Weakness Enumeration) Top 25, is a list published by MITRE's CWE program that ranks the weakness types most often behind real-world vulnerabilities. The ranking is derived from recent CVE records in the National Vulnerability Database (NVD) and their CVSS scores, so it reflects both how frequently a weakness is reported and how severe the resulting vulnerabilities tend to be. Exploiting these errors can lead to unauthorized access, data breaches, remote code execution and full system compromise.

Here is the CWE Top 25 (2024 update) in ranked order, with the countermeasures and mitigations that address each weakness:

| Rank | CWE ID | Name | Countermeasures and Mitigations |
|---|---|---|---|
| 1 | CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Apply context-aware output encoding (HTML body, attribute, JavaScript, URL) to all untrusted data, validate inputs against an allowlist, and deploy a Content Security Policy (CSP) as defense in depth. |
| 2 | CWE-787 | Out-of-bounds Write | Bounds-check every write against the buffer's actual size, prefer memory-safe languages, enable compiler hardening (stack protectors, FORTIFY_SOURCE) and test with AddressSanitizer and static analysis. |
| 3 | CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | Use parameterized queries or prepared statements for every query and never concatenate user input into SQL; ORMs help only if their raw-query escape hatches are avoided; run the database account with least privilege. |
| 4 | CWE-352 | Cross-Site Request Forgery (CSRF) | Require a per-session anti-CSRF token on every state-changing request, set the SameSite attribute on session cookies, and verify the Origin (or Referer) header. |
| 5 | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Canonicalize the full path and verify it stays inside the intended base directory, reject ".." and absolute paths, and map user input to file identifiers rather than file names where possible. |
| 6 | CWE-125 | Out-of-bounds Read | Bounds-check reads against the real buffer length, including length fields taken from untrusted input, use memory-safe languages, and test with sanitizers and fuzzing. |
| 7 | CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Do not invoke a shell; call the program directly with an argument array (execve, subprocess without shell=True), validate each argument against an allowlist, and treat escaping as a last resort rather than the primary defense. |
| 8 | CWE-416 | Use After Free | Set pointers to NULL after freeing, use ownership-based memory management (RAII, smart pointers) or a memory-safe language, and test with AddressSanitizer. |
| 9 | CWE-862 | Missing Authorization | Perform a server-side authorization check on every request and every object accessed, deny by default, and enforce role-based access control (RBAC) centrally rather than per page. |
| 10 | CWE-434 | Unrestricted Upload of File with Dangerous Type | Allowlist file types by inspecting content rather than trusting the extension or Content-Type header, rename uploads with server-generated names, store them outside the web root without execute permission, and cap their size. |
| 11 | CWE-94 | Improper Control of Generation of Code ('Code Injection') | Never pass untrusted input to eval, exec, template compilation or similar code-generating APIs; where dynamic behaviour is needed, select from a fixed allowlist of actions. |
| 12 | CWE-20 | Improper Input Validation | Validate all input at the trust boundary against an allowlist of expected type, length, range and format, and reject malformed data rather than trying to repair it. Input validation supports but does not replace the weakness-specific defenses listed here. |
| 13 | CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') | Avoid building command strings from untrusted data; use structured APIs that keep the command separate from its arguments, and validate each argument against an allowlist. |
| 14 | CWE-287 | Improper Authentication | Use a vetted authentication framework, require multi-factor authentication (MFA) for sensitive access, store passwords with a slow salted hash (bcrypt, scrypt or Argon2), and protect sessions with Secure, HttpOnly cookies rotated on login. |
| 15 | CWE-269 | Improper Privilege Management | Apply the principle of least privilege, drop privileges as early as possible, separate privileged components from those that handle untrusted input, and audit every privilege change. |
| 16 | CWE-502 | Deserialization of Untrusted Data | Do not deserialize untrusted data with native object serializers (pickle, Java serialization and similar); prefer data-only formats such as JSON with strict schema validation, or allowlist the classes that may be instantiated and verify a signature before deserializing. Sanitizing serialized bytes is not a reliable defense. |
| 17 | CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | Return only the data the caller needs, use generic error messages and keep stack traces and internal identifiers out of responses, and enforce data-access policies on every path that reads sensitive data. |
| 18 | CWE-863 | Incorrect Authorization | Check permissions on the specific object requested, not just the endpoint, deny by default, centralize authorization logic, and test for horizontal and vertical privilege escalation. |
| 19 | CWE-918 | Server-Side Request Forgery (SSRF) | Allowlist permitted destinations (scheme, host, port), resolve the hostname and reject private, loopback, link-local and cloud-metadata addresses, disable or re-check redirects, and add a network egress policy as a backstop. |
| 20 | CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | Use memory-safe languages where possible; in C/C++ use length-bounded APIs (snprintf, strlcpy), track buffer sizes explicitly, enable compiler hardening and fuzz with sanitizers. |
| 21 | CWE-476 | NULL Pointer Dereference | Check return values that can be NULL before dereferencing, fail closed on an unexpected NULL, and use static analysis to find unchecked paths. |
| 22 | CWE-798 | Use of Hard-coded Credentials | Never embed credentials or keys in source code or binaries; load them at runtime from a secrets manager or the environment, rotate them, and scan repositories for committed secrets. |
| 23 | CWE-190 | Integer Overflow or Wraparound | Validate numeric ranges before arithmetic, use checked arithmetic (compiler builtins or library functions that report overflow), choose integer widths and signedness deliberately, and compile with overflow sanitizers. |
| 24 | CWE-400 | Uncontrolled Resource Consumption | Enforce rate limits, quotas, request-size and timeout limits, bound memory and file-handle usage, and monitor resource consumption to detect denial-of-service (DoS) conditions early. |
| 25 | CWE-306 | Missing Authentication for Critical Function | Require authentication for every critical function and enforce it in shared middleware so no route can be missed, including easily forgotten paths such as admin interfaces, internal APIs and debug endpoints. |
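The three injection entries (CWE-89, CWE-22 and CWE-78) share one root cause: untrusted input is mixed into a structured command and the interpreter cannot tell data from syntax. The following added example (not code from the original page) shows each vulnerable pattern next to its hardened form. The users table, the base directory /srv/www and the echo command are constructed for the demonstration.

```python
"""CWE-89, CWE-22 and CWE-78 side by side: the vulnerable pattern and its
hardened form for each. Added example with constructed data; it does not
come from the original page."""
import sqlite3
import subprocess
from pathlib import Path


# --- CWE-89: SQL injection ---------------------------------------------------
def make_db() -> sqlite3.Connection:
    """In-memory users table with two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # Concatenation: a quote in the input rewrites the WHERE clause.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    # Parameterized query: the value travels separately from the statement,
    # so it can never change the statement's structure.
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


# --- CWE-22: path traversal --------------------------------------------------
def file_path_vulnerable(base: str, requested: str) -> str:
    # Joining without a containment check: "../" walks out of base.
    return str(Path(base) / requested)


def file_path_safe(base: str, requested: str) -> str:
    # Canonicalize both sides, then require the target to stay under base.
    base_path = Path(base).resolve()
    target = (base_path / requested).resolve()
    if target != base_path and base_path not in target.parents:
        raise ValueError(f"path escapes base directory: {requested!r}")
    return str(target)


# --- CWE-78: OS command injection -------------------------------------------
def echo_vulnerable(text: str) -> str:
    # shell=True hands the concatenated string to /bin/sh, which honours ';'.
    result = subprocess.run("echo " + text, shell=True,
                            capture_output=True, text=True)
    return result.stdout


def echo_safe(text: str) -> str:
    # Argument list and no shell: the whole input is a single argv entry.
    result = subprocess.run(["echo", text], capture_output=True, text=True)
    return result.stdout
```

Two caveats a practitioner should keep in mind: the argument-list form stops the shell from interpreting metacharacters, but it does not stop the invoked program from interpreting its own arguments (an input beginning with "-" can still become an option), so an allowlist on the argument itself is still needed; and for path handling, resolving symlinks with resolve() is what makes the containment check meaningful, since a symlink inside the base directory can otherwise point anywhere.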
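For CWE-502 the table says sanitizing serialized input is not enough, and the reason is easiest to see in working code: a native serializer such as Python's pickle records calls, not just data, so loading attacker-controlled bytes executes whatever call they contain. The added example below (not from the original page) builds a constructed gadget whose only side effect is setting an environment variable, then shows the two defenses from the table: an unpickler with a class allowlist, and a data-only JSON format with schema validation. The allowlist contents and the user schema are hypothetical.

```python
"""CWE-502: a pickle gadget that runs code when loaded, then two defenses:
a restricted unpickler and a data-only JSON format with schema checks.
Added example; the payload is constructed here and is not from the page."""
import io
import json
import os
import pickle

MARKER = "CWE502_DEMO"  # environment variable the gadget sets (demo side effect)


class Gadget:
    """Pickling this object records a call to builtins.exec instead of state;
    unpickling replays that call before returning anything to the caller."""

    def __reduce__(self):
        code = f"import os; os.environ[{MARKER!r}] = 'executed'"
        return (exec, (code,))


def build_payload() -> bytes:
    """Attacker side: serialize the gadget. A real payload would call os.system."""
    return pickle.dumps(Gadget())


def build_benign_payload() -> bytes:
    """Legitimate data the application might actually store."""
    return pickle.dumps(frozenset({1, 2, 3}))


def load_vulnerable(data: bytes):
    # pickle.loads on attacker-controlled bytes: the recorded call runs here.
    return pickle.loads(data)


def gadget_ran() -> bool:
    return os.environ.get(MARKER) == "executed"


def reset_marker() -> None:
    os.environ.pop(MARKER, None)


class RestrictedUnpickler(pickle.Unpickler):
    """Resolve only allowlisted globals; every other global lookup is refused,
    so a payload that references exec, os.system or any class outside the
    list fails before anything is called."""
    # Hypothetical allowlist: the types this application legitimately stores.
    ALLOWED = {("builtins", "set"), ("builtins", "frozenset")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def load_restricted(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def restricted_rejects(data: bytes) -> bool:
    """True if the restricted unpickler refuses the payload."""
    try:
        load_restricted(data)
    except pickle.UnpicklingError:
        return True
    return False


# Preferred fix: a data-only format plus explicit schema validation.
USER_SCHEMA = {"name": str, "age": int}   # hypothetical record layout


def load_json_user(text: str) -> dict:
    obj = json.loads(text)
    if not isinstance(obj, dict) or set(obj) != set(USER_SCHEMA):
        raise ValueError("unexpected or missing fields")
    for key, typ in USER_SCHEMA.items():
        # `type(...) is` rather than isinstance: bool would otherwise pass as int.
        if type(obj[key]) is not typ:
            raise ValueError(f"field {key!r} must be {typ.__name__}")
    return obj
```

The restricted unpickler is a containment measure for legacy code that cannot drop pickle yet; the allowlist must stay tiny, because any allowed class with a useful __setstate__ or __reduce__ can itself become a gadget. The JSON path is the real fix: the parser can only ever produce dicts, lists, strings, numbers, booleans and null, and the schema check turns the remaining type confusion into a clean rejection.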
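The SSRF entry (CWE-918) lists several checks that only work when applied in the right order: allowlist the scheme and host, resolve the name once, validate the resolved address, then connect to that address rather than resolving again. The added example below (not code from the original page) implements that sequence. The host allowlist and the fake DNS table are constructed so the check runs offline; in production the resolver parameter is left at its default, socket.gethostbyname.

```python
"""CWE-918: validate an outbound URL before the server fetches it.
Added example; the hostname allowlist and the fake DNS table are constructed
so the check can run offline. Use the default resolver in production."""
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_HOSTS = {"api.example.com", "cdn.example.com"}   # hypothetical allowlist

# Constructed DNS answers: cdn.example.com deliberately points at an internal
# address to model DNS rebinding or a compromised allowlisted name.
FAKE_DNS = {"api.example.com": "93.184.216.34", "cdn.example.com": "10.0.0.5"}


def fake_resolver(host: str) -> str:
    return FAKE_DNS[host]


def is_public_ip(addr: str) -> bool:
    """Reject every range an SSRF payload typically targets: RFC 1918 space,
    loopback, link-local (including 169.254.169.254 metadata services),
    multicast, reserved and unspecified addresses. Works for IPv4 and IPv6."""
    ip = ipaddress.ip_address(addr)
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_outbound_url(url: str, resolver=socket.gethostbyname) -> str:
    """Return the IP address to connect to, or raise ValueError.
    Callers should connect to the returned address (pinning it) instead of
    re-resolving the name, which would reopen the DNS-rebinding window."""
    parts = urlparse(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname             # userinfo and port stripped, lowercased
    if host not in ALLOWED_HOSTS:     # also rejects None and user@host tricks
        raise ValueError(f"host not allowed: {host!r}")
    if parts.port not in (None, 80, 443):
        raise ValueError(f"port not allowed: {parts.port}")
    addr = resolver(host)             # resolve once, then validate the answer
    if not is_public_ip(addr):
        raise ValueError(f"{host} resolves to non-public address {addr}")
    return addr


def is_allowed(url: str, resolver=socket.gethostbyname) -> bool:
    """Boolean wrapper: malformed ports, unknown names and resolver errors
    all count as a rejection."""
    try:
        check_outbound_url(url, resolver)
    except (ValueError, KeyError, OSError):
        return False
    return True
```

Because the hostname allowlist is checked before anything is resolved, most URL-parsing tricks (userinfo before an @, alternate IP encodings, trailing dots) never reach the address check at all. Two gaps remain that code at this layer cannot close: if the HTTP client follows redirects, the same check has to run on every hop, and a server with no egress filtering still trusts this function completely, which is why the table recommends a network policy as a backstop.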
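Three entries in the table (CWE-306, CWE-862 and CWE-863) are access-control failures that differ only in which check is missing: no login required, no role check, or a role check without an ownership check on the specific object. The added example below (not from the original page) enforces all three in one decorator and makes the route registry refuse any handler that was never decorated, which is what "enforce it in shared middleware so no route can be missed" looks like in code. The invoice records, the roles and the admin override are constructed for the demonstration.

```python
"""CWE-306, CWE-862 and CWE-863 handled in one place: every handler declares
its policy, the registry refuses unguarded handlers, and the checks cover the
user (authenticated), the role (endpoint level) and ownership (object level).
Added example; the invoice records and roles are constructed."""
from dataclasses import dataclass, field
from functools import wraps
from typing import Callable, Optional


@dataclass
class Request:
    user: Optional[str]                  # None means unauthenticated
    roles: set = field(default_factory=set)


class Unauthenticated(Exception):
    pass


class Forbidden(Exception):
    pass


# Constructed data store: invoices with their owners.
INVOICES = {"inv-1": {"owner": "alice", "total": 120},
            "inv-2": {"owner": "bob", "total": 75}}


def authorize(*, roles=(), owner_of: Optional[Callable[..., str]] = None):
    """Decorator enforcing, in order: a logged-in user (CWE-306), a required
    role if any (CWE-862), and ownership of the target object unless the user
    is an admin (CWE-863). Deny by default: any failed check raises."""
    def decorate(handler):
        @wraps(handler)
        def guarded(req: Request, **kwargs):
            if req.user is None:
                raise Unauthenticated(handler.__name__)
            if roles and not req.roles.intersection(roles):
                raise Forbidden(f"{handler.__name__}: role required")
            if owner_of is not None and "admin" not in req.roles:
                if owner_of(**kwargs) != req.user:
                    raise Forbidden(f"{handler.__name__}: not the owner")
            return handler(req, **kwargs)
        guarded.policy_checked = True      # marker the registry insists on
        return guarded
    return decorate


@authorize(owner_of=lambda invoice_id: INVOICES[invoice_id]["owner"])
def get_invoice(req: Request, invoice_id: str) -> int:
    return INVOICES[invoice_id]["total"]


@authorize(roles=("admin",))
def list_invoices(req: Request) -> list:
    return sorted(INVOICES)


def get_invoice_unguarded(req: Request, invoice_id: str) -> int:
    """The CWE-862 version: no check at all, so any caller reads any invoice."""
    return INVOICES[invoice_id]["total"]


ROUTES = {}


def register(path: str, handler) -> None:
    """Refuse to expose a handler that carries no authorization policy."""
    if not getattr(handler, "policy_checked", False):
        raise TypeError(f"{path}: handler has no authorization policy")
    ROUTES[path] = handler


def outcome(handler, req: Request, **kwargs) -> str:
    """Run a handler and summarize the result as a string (for the demo)."""
    try:
        return f"ok:{handler(req, **kwargs)}"
    except Unauthenticated:
        return "unauthenticated"
    except Forbidden:
        return "forbidden"
```

The ownership callback runs before the handler touches the record, so an unauthorized caller learns nothing about the object, not even whether the identifier exists in a different error path. The register() check is the structural control: an engineer who adds a new endpoint and forgets the decorator gets a failure at startup rather than a missing-authorization finding in production.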

Reference : https://cwe.mitre.org/