1.888.900.DRIZ (3749)
The Driz Group
  • Managed Services
    • Web Application Security >
      • Schedule WAF Demo
    • Virtual CISO
    • Compliance >
      • SOC1 & SOC2
      • GDPR
    • Third-Party Risk Management
    • Vulnerability Assessment >
      • Free Vulnerability Assessment
  • About us
    • Testimonials
    • Meet The Team
    • Resources
    • In the news
    • Careers
    • Subsidiaries
  • Contact
    • Newsletter
  • How WAF Works
  • Blog
  • Managed Services
    • Web Application Security >
      • Schedule WAF Demo
    • Virtual CISO
    • Compliance >
      • SOC1 & SOC2
      • GDPR
    • Third-Party Risk Management
    • Vulnerability Assessment >
      • Free Vulnerability Assessment
  • About us
    • Testimonials
    • Meet The Team
    • Resources
    • In the news
    • Careers
    • Subsidiaries
  • Contact
    • Newsletter
  • How WAF Works
  • Blog

Cybersecurity Blog

Thought leadership. Threat analysis. Cybersecurity news and alerts.

8/1/2021

0 Comments

2021 Top 25 Most Dangerous Software Weaknesses

 
Picture

2021 Top 25 Most Dangerous Software Weaknesses

Software has weaknesses.

The most dangerous software weaknesses are those that are often easy to find, easy to exploit, and can allow attackers to completely take over a system, prevent an application from working, or steal data.

MITRE recently released the 2021 top 25 most dangerous software weaknesses – a demonstrative list of the most dangerous software weaknesses over the previous two calendar years. To create the 2021 list, MITRE used the Common Vulnerabilities and Exposures (CVE) data found within the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD), and the Common Vulnerability Scoring System (CVSS) scores associated with each CVE record.

The Software Weaknesses List

Here are the top 25 most dangerous software weaknesses over the previous two calendar years:

1. Out-of-Bounds Write

Out-of-bounds write, also known as memory corruption, occurs when the software writes data past the end or before the beginning of the intended buffer. This software weakness can result in code execution, corruption of data, or a crash.

2. Improper Neutralization of Input During Web Page Generation

Improper neutralization of input during web page generation, also known as cross-site scripting (XSS), occurs when the software doesn’t neutralize or incorrectly neutralizes user-controllable input before it’s outputted as a web page.

3. Out-of-Bounds Read

Out-of-bounds read occurs when the software reads data past the end or before the beginning of the intended buffer. This software weakness can cause a crash or allow attackers to read sensitive information from other memory locations.

4. Improper Input Validation

Improper input validation occurs when the software receives input or data, but it doesn’t validate or incorrectly validates the input. When a software doesn’t validate input properly, attackers can craft the input in a form that isn’t expected by the rest of the application. This can result in altered control flow, arbitrary code execution, or arbitrary control of a resource.

5. Improper Neutralization of Special Elements used in an OS Command

Improper neutralization of special elements used in an OS command, also known as OS command injection or shell injection, occurs when the software doesn’t neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it’s sent to a downstream component. This can allow attackers to execute dangerous commands directly on the operating system.

6. Improper Neutralization of Special Elements used in an SQL Command

Improper neutralization of special elements used in an SQL command, also known as SQL injection, occurs when the software doesn’t neutralize or incorrectly neutralizes special elements that can modify the intended SQL command when it’s sent to a downstream component. This can allow attackers to alter query logic to bypass security checks, execute system commands, or insert additional statements that modify the back-end database.

7. Use After Free

Use after free occurs when the use of previously-freed memory can cause the software to crash, cause corruption of valid data, or result in the execution of arbitrary code.

8. Improper Limitation of a Pathname to a Restricted Directory

Improper limitation of a pathname to a restricted directory, also known as path traversal, occurs when the software doesn’t properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that’s outside of the restricted directory. This can allow attackers to escape outside of the restricted location to access files or directories that are elsewhere on the system.

9. Cross-Site Request Forgery (CSRF)

Cross-site request forgery occurs when the web application doesn’t or can’t sufficiently verify a valid request provided by the user. This can allow attackers to trick a client into making an unintentional request to the web server which will then be treated as a valid request.

10. Unrestricted Upload of File with Dangerous Type

Unrestricted upload of file with dangerous type occurs when the software allows the uploading or transferring of files of dangerous types which can be automatically processed within the software’s environment.

11. Missing Authentication for Critical Function

Missing authentication for critical function occurs when the software doesn’t perform any authentication for functionality that requires a valid user identity. This can allow attackers to read or modify sensitive data, access administrative or other privileged functionality, or execute arbitrary code.

12. Integer Overflow or Wraparound

An integer overflow or wraparound occurs when the software performs a calculation in which the logic assumes that the resulting value will always be larger than the original value. This can allow attackers to introduce other weaknesses when the calculation is used for execution control or resource management.

13. Deserialization of Untrusted Data

Deserialization of untrusted data occurs when the software deserializes untrusted data without sufficiently verifying that the resulting data will be valid. An assumption that the code in the deserialized object is valid is susceptible to exploitation. Attackers can change unexpected objects or data that was assumed to be safe from modification.

14. Improper Authentication

Improper authentication occurs when the software doesn’t prove or insufficiently proves that the user’s identity is correct.

15. NULL Pointer Dereference

NULL pointer dereference occurs when the software dereferences a pointer that it expects to be valid, but is NULL, causing an exit or crash.

16. Use of Hard-coded Credentials

The use of hard-coded credentials creates a software weakness that allows attackers to bypass the authentication that has been configured by the software administrator.

17. Improper Restriction of Operations within the Bounds of a Memory Buffer

Improper restriction of operations within the bounds of a memory buffer, also known as buffer overflow, occurs when the software performs operations on a memory buffer, but it can write to or read from a memory location that’s outside of the intended boundary of the buffer. This can allow attackers to change the intended control flow, execute arbitrary code, cause the system to crash, or read sensitive information.

18. Missing Authorization

Missing authorization occurs when a software doesn’t perform an authorization check when a user attempts to access a resource. This can allow attackers to read sensitive data, modify sensitive data, or gain privileges by modifying or reading critical data directly, or by accessing privileged functionality.

19. Incorrect Default Permissions

Incorrect default permissions occur when during the installation of the application, installed file permissions are set to allow anyone to modify those files. This can allow attackers to read or modify application data.

20. Exposure of Sensitive Information to an Unauthorized Actor

Exposure of sensitive information to an unauthorized actor, also known as information leak, occurs when the software exposes sensitive information to a user that isn’t explicitly authorized to have access to that information.

21. Insufficiently Protected Credentials

Insufficiently protected credentials occur when the software transmits or stores authentication credentials, but it uses an insecure method. This can allow attackers to gain access to user accounts and access sensitive data.

22. Incorrect Permission Assignment for Critical Resource

Incorrect permission assignment for critical resource occurs when the software specifies permissions for a security-critical resource, allowing the resource to be read or modified by attackers.

23. Improper Restriction of XML External Entity Reference

Improper restriction of XML external entity reference occurs when the software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control. Common consequences of this software weakness include attackers being able to access arbitrary files on the system, or can cause consumption of excessive CPU cycles or memory using a URI that points to a large file, or a device that always returns data such as /dev/random.

24. Server-Side Request Forgery (SSRF)

According to MITRE, in server-side request forgery, the “web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.” A real-world example of server-side request forgery attack allowed attackers to request a URL from another server, including other ports, which allowed proxied scanning.

25. Improper Neutralization of Special Elements used in a Command

Improper neutralization of special elements used in a command occurs when data from an untrusted source enters the application and the data from an untrusted source is executed as a command by the application. This gives attackers privileges or capabilities that they would not otherwise have.

0 Comments

Your comment will be posted after it is approved.


Leave a Reply.

    Author

    Steve E. Driz, I.S.P., ITCP

    Picture
    View my profile on LinkedIn

    Archives

    March 2023
    February 2023
    January 2023
    December 2022
    June 2022
    May 2022
    February 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2021
    July 2021
    June 2021
    May 2021
    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    April 2018
    March 2018
    February 2018
    January 2018
    December 2017
    November 2017
    October 2017
    September 2017
    August 2017
    July 2017
    June 2017
    May 2017
    April 2017
    March 2017
    February 2017
    January 2017
    December 2016
    October 2016
    August 2016
    May 2016
    March 2016
    January 2016
    November 2015
    October 2015
    August 2015
    June 2015

    Categories

    All
    0-Day
    2FA
    Access Control
    Advanced Persistent Threat
    AI
    Artificial Intelligence
    ATP
    Awareness Training
    Botnet
    Bots
    Brute Force Attack
    CASL
    Cloud Security
    Compliance
    COVID 19
    COVID-19
    Cryptocurrency
    Cyber Attack
    Cyberattack Surface
    Cyber Awareness
    Cyber Espionage
    Cybersecurity
    Cyber Security
    Cyber Security Consulting
    Cyber Security Insurance
    Cyber Security Risk
    Cyber Security Threats
    Cybersecurity Tips
    Data Breach
    Data Governance
    Data Leak
    Data Leak Prevention
    DDoS
    Email Security
    Fraud
    GDPR
    Hacking
    Impersonation Scams
    IoT
    Malware
    MFA
    Microsoft Office
    Mobile Security
    Network Security Threats
    Phishing Attack
    Privacy
    Ransomware
    Remote Access
    SaaS Security
    Social Engineering
    Supply Chain Attack
    Supply-Chain Attack
    Third-Party Risk
    Virtual CISO
    Vulnerability
    Vulnerability Assessment
    Web Applcation Security
    Web-applcation-security
    Web Application Firewall
    Web Application Protection
    Web Application Security
    Web Protection
    Windows Security
    Zero Trust

    RSS Feed

Picture

1.888.900.DRIZ (3749)

Managed Services

Picture
Web Application Security
​Virtual CISO
Compliance
​Vulnerability Assessment
Free Vulnerability Assessment
Privacy Policy | CASL

About us

Picture
Testimonials
​Meet the Team
​Subsidiaries
​Contact us
​Blog
​
Jobs

Resources & Tools

Picture
​Incident Management Playbook
Sophos authorized partner logo
Picture
© 2023 Driz Group Inc. All rights reserved.
Photo used under Creative Commons from GotCredit