Top SANS Risks
The SANS category based statistics found on the scanned asset are displayed on the chart. The category based statistics displayed on the chart represent the total number of vulnerabilities found (center of the chart) with each wedge of the chart representing the count/percentage of vulnerabilities. Clicking on this chart brings up a tabular view of the vulnerabilities categorized as Critical, High, Medium, and Low.
Currently, 15 out of the SANS top 25 vulnerabilities are supported. The supported SANS categories are:
|
ID |
Name |
|---|---|
|
CWE-79 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') XSS |
|
CWE-89 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
|
CWE-20 |
Improper Input Validation |
|
CWE-78 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
|
CWE-22 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
|
CWE-352 |
Cross-Site Request Forgery (CSRF) |
|
CWE-434 |
Unrestricted Upload of File with Dangerous Type |
|
CWE-502 |
Deserialization of Untrusted Data |
|
CWE-287 |
Improper Authentication |
| CWE-862 |
Missing Authorization |
|
CWE-77 |
Improper Neutralization of Special Elements used in a Command ('Command Injection') |
|
CWE-306 |
Missing Authentication for Critical Function |
|
CWE-918 |
Server-Side Request Forgery (SSRF) |
|
CWE-611 |
Improper Restriction of XML External Entity Reference |
|
CWE-94 |
Improper Control of Generation of Code ('Code Injection') |