The SANS TOP 25 is as follows:

• 举报此文章

Raviraj Nehul

Raviraj Nehul

Cybersecurity Analyst | Ethical Hacking

发布日期: 2023年10月7日

+ 关注

1. Insufficiently protected credentials: Credentials, such as usernames and passwords, are a valuable target for attackers. If credentials are not properly protected, attackers can use them to gain unauthorized access to systems and data.
2. Incorrect Permission Assignment for Critical Resource: Critical resources, such as databases and servers, should be protected with appropriate permissions. If permissions are not assigned correctly, attackers may be able to access or modify these resources without authorization.
3. Improper Restriction of XML External Entity Reference (XXE): XXE is a vulnerability that allows attackers to inject malicious XML code into an application. This can lead to a variety of attacks, such as data theft and denial-of-service.
4. Server-Side Request Forgery (SSRF): SSRF is a vulnerability that allows attackers to trick an application into making unauthorized requests to other servers. This can be used to steal data, execute arbitrary code, or pivot to other systems on the network.
5. Improper Neutralization of Special Elements used in a Command (Command Injection): Command injection is a vulnerability that allows attackers to inject arbitrary commands into an application. This can lead to a variety of attacks, such as remote code execution and system takeovers.
6. Out-of-bounds Write
7. Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)
8. Use After Free
9. Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)
10. Improper Input Validation
11. Out-of-bounds Read
12. Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)
13. Cross-Site Request Forgery (CSRF)
14. Unrestricted Upload of File with Dangerous Type
15. Missing Authorization
16. NULL Pointer Dereference
17. Improper Authentication
18. Integer Overflow or Wraparound
19. Deserialization of Untrusted Data
20. Improper Restriction of Operations within the Bounds of a Memory Buffer
21. Missing Authentication for Critical Function
22. Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)
23. Improper Privilege Management
24. Improper Control of Generation of Code (Code Injection)
25. Incorrect Authorization Senselearner Technologies Pvt. Ltd.

要查看或添加评论，请登录

Raviraj Nehul的更多文章

• Result Analysis and Visualization to Improve Decision Making for Educational Institutes

  2025年2月25日

  Result Analysis and Visualization to Improve Decision Making for Educational Institutes

  This paper focuses on the exam results of a university. Monitoring university exams requires creating reports and…

  16
• ?? Cybersecurity Awareness: Protecting Your Web Applications! ??

  2023年10月25日

  ?? Cybersecurity Awareness: Protecting Your Web Applications! ??

  Hey cyber warriors! ???????? In our interconnected world, web applications are the heart of our online lives. But…

  13
• ???Exploring the World of Malware in Cybersecurity!!????

  2023年10月18日

  ???Exploring the World of Malware in Cybersecurity!!????

  Hey Cyber Enthusiasts! ???? Today, let's dive into the fascinating and slightly sinister world of #Malware. ?? ?? 1.

  12
• Newly Discovered Zero-Day Attacks!!!??

  2023年10月18日

  Newly Discovered Zero-Day Attacks!!!??

  ?? Urgent Cybersecurity Alert! ?? Ethical hackers play a crucial role in strengthening our digital world. However, even…

  17
• Relationship between CVE, CWE, and NVD

  2023年10月7日

  Relationship between CVE, CWE, and NVD

  CVE, CWE, and NVD are all related to cybersecurity vulnerabilities, but they serve different purposes. CVE is a…

  15
• Ethical hackers use a variety of tools to gather information and assess the security of systems and networks.????

  2023年9月27日

  Ethical hackers use a variety of tools to gather information and assess the security of systems and networks.????

  Nmap: A versatile and powerful open-source network scanner that can discover hosts, services, and open ports on a…

  12
• Gathering data about a target system is a key component of the ethical hacking stages of footprinting and reconnaissance.

  2023年9月27日

  Gathering data about a target system is a key component of the ethical hacking stages of footprinting and reconnaissance.

  1. Footprinting: Footprinting is the initial phase of ethical hacking, where the attacker collects information about…

  16
• 5 Phases of Ethical Hacking : A Quick Overview????????

  2023年9月17日

  5 Phases of Ethical Hacking : A Quick Overview????????

  Reconnaissance: Collecting information about the target. Scanning: Identifying vulnerabilities in the system.

  29
• Cybersecurity in Today's Digital Landscape: Why it Matters more than Ever ??

  2023年9月17日

  Cybersecurity in Today's Digital Landscape: Why it Matters more than Ever ??

  Cybersecurity is crucial today to safeguard sensitive data, privacy, and critical infrastructure from cyber threats…

  24

Show more

See all articles