Overview
The SANS Top 25 (originally the CWE/SANS Top 25 Most Dangerous Software Errors, now published as the CWE Top 25 Most Dangerous Software Weaknesses) is a list of the most widespread and critical weakness types that lead to serious software vulnerabilities. They are listed not because they are exotic but because they are common, often easy to find, and easy to exploit: a single instance can let an attacker take over execution of the software, steal data, or stop it from working.
Categories of Weaknesses
The earlier CWE/SANS editions grouped the entries into three categories; the current data-driven list is a flat ranking, but the grouping is still a useful way to think about where each weakness sits:
- Insecure Interaction Between Components: Errors in how data is sent and received between separate components, modules, processes, or systems, so that untrusted input crosses a trust boundary without being separated from code (e.g., SQL Injection, CWE-89).
- Risky Resource Management: Errors in how a program creates, uses, and releases memory and other resources (e.g., Classic Buffer Overflow, CWE-120).
- Porous Defenses: Security mechanisms that are missing, misused, or applied inconsistently (e.g., Missing Authentication for Critical Function, CWE-306).
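As an added illustration of the first category (this is example code written for this page, not part of the CWE/SANS material), the following Python script builds a constructed in-memory SQLite table and shows the same login check written two ways: with the username and password spliced into the SQL text, and with a parameterized query. The user names, passwords, and the `admin' --` and `' OR '1'='1` payloads are invented sample data.

```python
import sqlite3

# Constructed sample data for this example (not from the page). A real
# system would store a password hash, not plaintext; the point here is how
# the query is built, not how credentials are stored.
SAMPLE_USERS = [("alice", "s3cret"), ("admin", "hunter2")]


def make_db() -> sqlite3.Connection:
    """Create an in-memory database holding the sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # CWE-89: untrusted input is formatted straight into the SQL text, so the
    # database cannot tell the attacker's quotes and comment markers from the
    # query the developer wrote. This is the "insecure interaction" between
    # the application layer and the database.
    query = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Parameterized query: the SQL text is fixed and the driver passes the
    # values separately, so a quote or "--" in the input is just data.
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


def demo() -> dict:
    """Run both login checks against valid credentials and two injection payloads."""
    conn = make_db()
    comment_user = "admin' --"      # closes the string, comments out the password check
    tautology_pw = "' OR '1'='1"    # makes the WHERE clause always true
    results = {
        "vulnerable_correct": login_vulnerable(conn, "admin", "hunter2"),
        "vulnerable_comment": login_vulnerable(conn, comment_user, "wrong"),
        "vulnerable_tautology": login_vulnerable(conn, "nobody", tautology_pw),
        "safe_correct": login_safe(conn, "admin", "hunter2"),
        "safe_comment": login_safe(conn, comment_user, "wrong"),
        "safe_tautology": login_safe(conn, "nobody", tautology_pw),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'login accepted' if accepted else 'login rejected'}")
```

Both payloads log in through the string-formatted query and are rejected by the parameterized one, which is why the fix for this category is to keep the SQL text fixed and pass data through bind parameters rather than trying to escape the input by hand.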
Maintenance
The list is maintained by MITRE, which also maintains the Common Weakness Enumeration (CWE) and the Common Vulnerabilities and Exposures (CVE) catalog. Earlier editions were compiled with SANS from expert surveys; since 2019 the ranking has been generated from data, by taking the publicly reported CVE records in the National Vulnerability Database (NVD), mapping each to its root-cause CWE entries, and scoring each weakness by how often it appears and by the severity (CVSS) of the vulnerabilities attributed to it.