SANS Top 25

Most Dangerous Software Errors

The SANS Institute is a cooperative research and education organization. The SANS Top 25 Most Dangerous Software Errors (published jointly with MITRE as the CWE/SANS Top 25; each entry is a CWE identifier) is a list of the most widespread and critical programming errors that lead to serious vulnerabilities in software. Please note that not every entry applies to PHP code. The list groups its entries into three categories: insecure interaction between components, risky resource management, and porous defenses.

RIPS detects 24 of the 25 SANS Top 25 errors, that is, every entry that static analysis can identify in source code (rank 21 does not appear in the list below). It helps you locate each finding quickly in your application and provides detailed information on how to fix it.

Supported SANS Top 25 Errors

Rank  CWE      Error
1     CWE-89   Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
2     CWE-78   Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
3     CWE-120  Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
4     CWE-79   Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
5     CWE-306  Missing Authentication for Critical Function
6     CWE-862  Missing Authorization
7     CWE-798  Use of Hard-coded Credentials
8     CWE-311  Missing Encryption of Sensitive Data
9     CWE-434  Unrestricted Upload of File with Dangerous Type
10    CWE-807  Reliance on Untrusted Inputs in a Security Decision
11    CWE-250  Execution with Unnecessary Privileges
12    CWE-352  Cross-Site Request Forgery (CSRF)
13    CWE-22   Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
14    CWE-494  Download of Code Without Integrity Check
15    CWE-863  Incorrect Authorization
16    CWE-829  Inclusion of Functionality from Untrusted Control Sphere
17    CWE-732  Incorrect Permission Assignment for Critical Resource
18    CWE-676  Use of Potentially Dangerous Function
19    CWE-327  Use of a Broken or Risky Cryptographic Algorithm
20    CWE-131  Incorrect Calculation of Buffer Size
22    CWE-601  URL Redirection to Untrusted Site ('Open Redirect')
23    CWE-134  Uncontrolled Format String
24    CWE-190  Integer Overflow or Wraparound
25    CWE-759  Use of a One-Way Hash without a Salt
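To make the list concrete for PHP, the following is an added illustration (not RIPS code and not part of the original page) of four of the entries above as they typically appear in PHP source: the vulnerable form that a static analyser would flag, next to a hardened form. The `$pdo` connection, the `/var/www/uploads` directory, the `example.com` allow-list and PHP 8 are assumed for the example.

```php
<?php
// Added example, not RIPS code. Assumes PHP 8 (str_starts_with, union types),
// an existing PDO connection and the directories/hosts named below.

// CWE-89 SQL Injection: user input is concatenated into the query text.
function findUserVulnerable(PDO $pdo, string $name): array {
    return $pdo->query("SELECT id FROM users WHERE name = '$name'")->fetchAll();
}
// Fixed: the value travels as a bound parameter and is never parsed as SQL.
function findUserFixed(PDO $pdo, string $name): array {
    $stmt = $pdo->prepare('SELECT id FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll();
}

// CWE-22 Path Traversal: "../../etc/passwd" escapes the uploads directory.
function readUploadVulnerable(string $file): string|false {
    return file_get_contents('/var/www/uploads/' . $file);   // assumed directory
}
// Fixed: resolve the real path and require it to stay below the base directory.
function readUploadFixed(string $file): string|false {
    $base = realpath('/var/www/uploads');                     // assumed directory
    $path = realpath($base . '/' . $file);
    // realpath() returns false for missing files and collapses any "..";
    // the prefix check (with trailing slash) rejects /var/www/uploads_other too.
    if ($base === false || $path === false
        || !str_starts_with($path, $base . '/')) {
        return false;
    }
    return file_get_contents($path);
}

// CWE-601 Open Redirect: any attacker-chosen URL is echoed into Location.
function redirectVulnerable(string $next): void {
    header('Location: ' . $next);
}
// Fixed: allow only site-local paths or https URLs to allow-listed hosts.
function redirectFixed(string $next): void {
    $allowedHosts = ['example.com'];                          // assumed allow-list
    $parts = parse_url($next);
    // A local path starts with a single "/", has no scheme/host and no
    // backslash (browsers treat "/\evil.com" like "//evil.com").
    $isLocal = $parts !== false
        && !isset($parts['scheme']) && !isset($parts['host'])
        && str_starts_with($next, '/') && !str_starts_with($next, '//')
        && !str_contains($next, '\\');
    $isAllowed = $parts !== false
        && ($parts['scheme'] ?? '') === 'https'
        && in_array($parts['host'] ?? '', $allowedHosts, true);
    header('Location: ' . (($isLocal || $isAllowed) ? $next : '/'));
}

// CWE-759 Hash without a Salt: equal passwords give equal, rainbow-table-friendly digests.
function storePasswordVulnerable(string $password): string {
    return md5($password);
}
// Fixed: password_hash() adds a random per-password salt and uses a slow algorithm.
function storePasswordFixed(string $password): string {
    return password_hash($password, PASSWORD_DEFAULT);
}
function checkPassword(string $password, string $storedHash): bool {
    return password_verify($password, $storedHash);
}
```

In each pair the vulnerable function is the pattern a source-to-sink analysis reports (request data reaching `query()`, `file_get_contents()`, `header()` or a weak hash), and the fixed function either breaks the data flow with a parameterised API or validates the value against an explicit base path or allow-list before the sink.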