Security Weaknesses: The Many Ways to Hack Software
How many ways are there to hack software? Unfortunately, too many. Recently a list of top software security vulnerabilities was published. It’s known as the Top 25 Common Weakness Enumeration (CWE).
For years, SQL Injection ranked as the most common and most exploited software vulnerability. In the new ranking it has dropped to 6th place in order of occurrence, although it still carries the highest severity score because, if it is exploited, its potential to compromise sensitive data is high.
The top vulnerability in terms of occurrence is reading or writing past the bounds of a memory buffer.
Javvad Malik, security awareness advocate at KnowBe4, said that “despite many efforts, security is not being embedded effectively enough within the developer community, or in enterprise assurance frameworks. It’s not that we are unaware of how to identify and remedy the issues or prevent them from occurring in the first place; there appears to be a culture where getting software shipped outweighs the security requirements.”
The purpose of the Top 25 CWE list is to show developers the areas of their code where they need to be especially alert to coding errors that could enable hacking.
Chris Levendis, CWE project leader, said that “eliminating weaknesses prior to software entering the marketplace is an important step in reducing the attack surface which better protects everybody, anywhere in the world.”