SANS Top 25

Most Dangerous Software Errors

The SANS Institute is a cooperative research and education organization. The SANS Top 25 Most Dangerous Software Errors is a list of the most widespread and critical errors that can lead to serious vulnerabilities in software (please note: not all vulnerability types apply to all programming languages). The vulnerabilities include insecure interaction between components, risky resource management, and porous defenses.

RIPS is able to detect 24 out of the SANS Top 25 Most Dangerous Software Errors that can be detected by static analysis software, helps you quickly locate them in your application, and provides detailed information on how to fix the errors.

Rank CWE Name RIPS
1 89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
2 78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
3 120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
4 79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
5 306 Missing Authentication for Critical Function
6 862 Missing Authorization
7 798 Use of Hard-coded Credentials
8 311 Missing Encryption of Sensitive Data
9 434 Unrestricted Upload of File with Dangerous Type
10 807 Reliance on Untrusted Inputs in a Security Decision
11 250 Execution with Unnecessary Privileges
12 352 Cross-Site Request Forgery (CSRF)
13 22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
14 494 Download of Code Without Integrity Check
15 863 Incorrect Authorization
16 829 Inclusion of Functionality from Untrusted Control Sphere
17 732 Incorrect Permission Assignment for Critical Resource
18 676 Use of Potentially Dangerous Function
19 327 Use of a Broken or Risky Cryptographic Algorithm
20 131 Incorrect Calculation of Buffer Size
22 601 URL Redirection to Untrusted Site ('Open Redirect')
23 134 Uncontrolled Format String
24 190 Integer Overflow or Wraparound
25 759 Use of a One-Way Hash without a Salt