CWE - VIEW GRAPH: CWE-750: Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors (1.6)

Home > CWE List > VIEW GRAPH: CWE-750: Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors (1.6)

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents

Community
Related Activities
Discussion List
Research
CWE/SANS Top 25
CWSS

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Declarations
Make a Declaration

Contact Us
Search the Site

CWE-750: Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors

Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors

Definition in a New Window

View ID: 750 (View: Graph)

Status: Incomplete

View Data

View Objective

CWE entries in this view (graph) are listed in the 2009 CWE/SANS Top 25 Programming Errors.

View Metrics

	CWEs in this view		Total CWEs
Total	28	out of	791
Views	0	out of	22
Categories	3	out of	106
Weaknesses	23	out of	651
Compound_Elements	2	out of	12

View Audience

Stakeholder	Description
Developers	By following the Top 25, developers will be able to significantly reduce the number of weaknesses that occur in their software.
Software Customers	If a software developer claims to be following the Top 25, then customers can search for the weaknesses in this view in order to formulate independent evidence of that claim.
Educators	Educators can use this view in multiple ways. For example, if there is a focus on teaching weaknesses, the educator could focus on the Top 25.

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to
HasMember	Category	751	Insecure Interaction Between Components	Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors (primary)750
HasMember	Category	752	Risky Resource Management	Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors (primary)750
HasMember	Category	753	Porous Defenses	Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors (primary)750

References

"2009 CWE/SANS Top 25 Most Dangerous Programming Errors". 2009-01-12. <http://cwe.mitre.org/top25>.

Content History

Submissions
Submission Date	Submitter	Organization	Source
2009-01-12			Internal CWE Team
2009-01-12

Expand All | Collapse All

750 - Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors

CategoryInsecure Interaction Between Components - (751)Insecure Interaction Between Components - (751)

Weakness BaseCleartext Transmission of Sensitive Information - (319)Cleartext Transmission of Sensitive Information - (319)

Compound Element: CompositeCross-Site Request Forgery (CSRF) - (352)Cross-Site Request Forgery (CSRF) - (352)

Weakness ClassExternal Control of Critical State Data - (642)External Control of Critical State Data - (642)

Weakness BaseInsufficient Session Expiration - (613)Insufficient Session Expiration - (613)

Weakness BaseOrigin Validation Error - (346)Origin Validation Error - (346)

Weakness BaseUnintended Proxy/Intermediary - (441)Unintended Proxy/Intermediary - (441)

Weakness BaseError Message Information Leak - (209)Error Message Information Leak - (209)

Weakness BaseFailure to Preserve Web Page Structure ('Cross-site Scripting') - (79)Failure to Preserve Web Page Structure ('Cross-site Scripting') - (79)

Weakness ClassImproper Encoding or Escaping of Output - (116)Improper Encoding or Escaping of Output - (116)

Weakness ClassImproper Input Validation - (20)Improper Input Validation - (20)

Weakness BaseImproper Sanitization of Special Elements used in an OS Command ('OS Command Injection') - (78)Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') - (78)

Weakness BaseImproper Sanitization of Special Elements used in an SQL Command ('SQL Injection') - (89)Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') - (89)

Weakness ClassRace Condition - (362)Race Condition - (362)

CategoryPorous Defenses - (753)Porous Defenses - (753)

Weakness BaseClient-Side Enforcement of Server-Side Security - (602)Client-Side Enforcement of Server-Side Security - (602)

Weakness ClassExecution with Unnecessary Privileges - (250)Execution with Unnecessary Privileges - (250)

Weakness BaseHard-Coded Password - (259)Hard-Coded Password - (259)

Weakness ClassImproper Access Control (Authorization) - (285)Improper Access Control (Authorization) - (285)

Weakness ClassIncorrect Permission Assignment for Critical Resource - (732)Incorrect Permission Assignment for Critical Resource - (732)

Weakness ClassUse of Insufficiently Random Values - (330)Use of Insufficiently Random Values - (330)

Weakness BaseUse of a Broken or Risky Cryptographic Algorithm - (327)Use of a Broken or Risky Cryptographic Algorithm - (327)

CategoryRisky Resource Management - (752)Risky Resource Management - (752)

Weakness BaseDownload of Code Without Integrity Check - (494)Download of Code Without Integrity Check - (494)

Weakness ClassExternal Control of Critical State Data - (642)External Control of Critical State Data - (642)

Weakness ClassExternal Control of File Name or Path - (73)External Control of File Name or Path - (73)

Weakness ClassFailure to Constrain Operations within the Bounds of a Memory Buffer - (119)Failure to Constrain Operations within the Bounds of a Memory Buffer - (119)

Weakness ClassFailure to Control Generation of Code ('Code Injection') - (94)Failure to Control Generation of Code ('Code Injection') - (94)

Weakness BaseImproper Initialization - (665)Improper Initialization - (665)

Weakness BaseImproper Resource Shutdown or Release - (404)Improper Resource Shutdown or Release - (404)

Weakness ClassIncorrect Calculation - (682)Incorrect Calculation - (682)

Compound Element: CompositeUntrusted Search Path - (426)Untrusted Search Path - (426)

Weakness ClassContainment Errors (Container Errors) - (216)Containment Errors (Container Errors) - (216)

Weakness BaseModification of Assumed-Immutable Data (MAID) - (471)Modification of Assumed-Immutable Data (MAID) - (471)

CategoryPermission Issues - (275)Permission Issues - (275)

Page Last Updated: October 29, 2009


	CWE is a Software Assurance strategic initiative sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is hosted by The MITRE Corporation. Copyright 2009, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us