MITRE has recently released its CWE Top 25 Most Dangerous Software Weaknesses list for 2023. CWE stands for Common Weakness Enumeration, and this list shows the currently most common and impactful software weaknesses. They are often easy for attackers to find and exploit.

Some interesting insights about the list as compared to last year: the top 3 spots remained the same, and they are:

• CWE-787: Out-of-bounds Write in first place,

• CWE-79: Cross-Site Scripting in second place, and

• CWE-89: SQL Injection in third place.

The biggest movers up the list are:

• CWE-416: Use After Free,

• CWE-862: Missing Authorization,

• CWE-269: Improper Privilege Management, and

• CWE-863: Incorrect Authorization.

And the biggest downward movers are:

• CWE-502: Deserialisation of Untrusted Data,

• CWE-798: Use of Hard-coded Credentials, and

• CWE-276: Incorrect Default Permissions.

Check out the full list on the MITRE website.

This segment was created for the It’s 5:05 podcast.