{
  "title": "CWE/SANS Top 25 2011",
  "type": "cwesanstop252011",
  "description": "The 2011 CWE/SANS Top 25 Most Dangerous Software Errors is a list of the most widespread and critical errors that can lead to serious vulnerabilities in software. They are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.",
  "custom": false,
  "items": [
    {
      "reference": "CWE-120",
      "title": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",
      "description": "Rank: 3\nScore: 79.0",
      "url": "http://cwe.mitre.org/top25/#CWE-120"
    },
    {
      "reference": "CWE-131",
      "title": "Incorrect Calculation of Buffer Size",
      "description": "Rank: 20\nScore: 62.4",
      "url": "http://cwe.mitre.org/top25/#CWE-131"
    },
    {
      "reference": "CWE-134",
      "title": "Uncontrolled Format String",
      "description": "Rank: 23\nScore: 61.0",
      "url": "http://cwe.mitre.org/top25/#CWE-134"
    },
    {
      "reference": "CWE-190",
      "title": "Integer Overflow or Wraparound",
      "description": "Rank: 24\nScore: 60.3",
      "url": "http://cwe.mitre.org/top25/#CWE-190"
    },
    {
      "reference": "CWE-22",
      "title": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
      "description": "Rank: 13\nScore: 69.3",
      "url": "http://cwe.mitre.org/top25/#CWE-22"
    },
    {
      "reference": "CWE-250",
      "title": "Execution with Unnecessary Privileges",
      "description": "Rank: 11\nScore: 73.1",
      "url": "http://cwe.mitre.org/top25/#CWE-250"
    },
    {
      "reference": "CWE-306",
      "title": "Missing Authentication for Critical Function",
      "description": "Rank: 5\nScore: 76.9",
      "url": "http://cwe.mitre.org/top25/#CWE-306"
    },
    {
      "reference": "CWE-307",
      "title": "Improper Restriction of Excessive Authentication Attempts",
      "description": "Rank: 21\nScore: 61.5",
      "url": "http://cwe.mitre.org/top25/#CWE-307"
    },
    {
      "reference": "CWE-311",
      "title": "Missing Encryption of Sensitive Data",
      "description": "Rank: 8\nScore: 75.0",
      "url": "http://cwe.mitre.org/top25/#CWE-311"
    },
    {
      "reference": "CWE-327",
      "title": "Use of a Broken or Risky Cryptographic Algorithm",
      "description": "Rank: 19\nScore: 64.1",
      "url": "http://cwe.mitre.org/top25/#CWE-327"
    },
    {
      "reference": "CWE-352",
      "title": "Cross-Site Request Forgery (CSRF)",
      "description": "Rank: 12\nScore: 70.1",
      "url": "http://cwe.mitre.org/top25/#CWE-352"
    },
    {
      "reference": "CWE-434",
      "title": "Unrestricted Upload of File with Dangerous Type",
      "description": "Rank: 9\nScore: 74.0",
      "url": "http://cwe.mitre.org/top25/#CWE-434"
    },
    {
      "reference": "CWE-494",
      "title": "Download of Code Without Integrity Check",
      "description": "Rank: 14\nScore: 68.5",
      "url": "http://cwe.mitre.org/top25/#CWE-494"
    },
    {
      "reference": "CWE-601",
      "title": "URL Redirection to Untrusted Site ('Open Redirect')",
      "description": "Rank: 22\nScore: 61.1",
      "url": "http://cwe.mitre.org/top25/#CWE-601"
    },
    {
      "reference": "CWE-676",
      "title": "Use of Potentially Dangerous Function",
      "description": "Rank: 18\nScore: 64.6",
      "url": "http://cwe.mitre.org/top25/#CWE-676"
    },
    {
      "reference": "CWE-732",
      "title": "Incorrect Permission Assignment for Critical Resource",
      "description": "Rank: 17\nScore: 65.5",
      "url": "http://cwe.mitre.org/top25/#CWE-732"
    },
    {
      "reference": "CWE-759",
      "title": "Use of a One-Way Hash without a Salt",
      "description": "Rank: 25\nScore: 59.9",
      "url": "http://cwe.mitre.org/top25/#CWE-759"
    },
    {
      "reference": "CWE-78",
      "title": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
      "description": "Rank: 2\nScore: 83.3",
      "url": "http://cwe.mitre.org/top25/#CWE-78"
    },
    {
      "reference": "CWE-79",
      "title": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
      "description": "Rank: 4\nScore: 77.7",
      "url": "http://cwe.mitre.org/top25/#CWE-79"
    },
    {
      "reference": "CWE-798",
      "title": "Use of Hard-coded Credential",
      "description": "Rank: 7\nScore: 75.0",
      "url": "http://cwe.mitre.org/top25/#CWE-798"
    },
    {
      "reference": "CWE-807",
      "title": "Reliance on Untrusted Inputs in a Security Decision",
      "description": "Rank: 10\nScore: 73.8",
      "url": "http://cwe.mitre.org/top25/#CWE-807"
    },
    {
      "reference": "CWE-829",
      "title": "Inclusion of Functionality from Untrusted Control Sphere",
      "description": "Rank: 16\nScore: 66.0",
      "url": "http://cwe.mitre.org/top25/#CWE-829"
    },
    {
      "reference": "CWE-862",
      "title": "Missing Authorization",
      "description": "Rank: 6\nScore: 76.8",
      "url": "http://cwe.mitre.org/top25/#CWE-862"
    },
    {
      "reference": "CWE-863",
      "title": "Incorrect Authorization",
      "description": "Rank: 15\nScore: 67.8",
      "url": "http://cwe.mitre.org/top25/#CWE-863"
    },
    {
      "reference": "CWE-89",
      "title": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
      "description": "Rank: 1\nScore: 93.8",
      "url": "http://cwe.mitre.org/top25/#CWE-89"
    }
  ]
}