Missing-Authorisation-KrishnaG-CEO

2024 CWE Top 25 Most Dangerous Software Weaknesses: Missing Authorisation (CWE-862)

Missing Authorisation, identified by CWE-862, refers to a software weakness where an application fails to verify if a user is permitted to access specific resources or perform certain actions. While authentication establishes identity, authorisation ensures that the authenticated user has the necessary permissions. When authorisation is missing, attackers can exploit this oversight to access sensitive data, perform unauthorised transactions, or disrupt services.

Use-After-Free-KrishnaG-CEO

2024 CWE Top 25 Most Dangerous Software Weaknesses: Use After Free (CWE-416)

At its core, a Use After Free vulnerability occurs when a program continues to use memory after it has been freed or deallocated. This behaviour can result in undefined behaviour, ranging from crashes and data corruption to critical security breaches, including arbitrary code execution.

OS-Cmd-i-KrishnaG-CEO

The 2024 CWE Top 25: Understanding and Mitigating CWE-78 – OS Command Injection

OS Command Injection occurs when an application dynamically constructs operating system (OS) commands using untrusted inputs, enabling an attacker to execute arbitrary commands on the host system. These commands often run with the same privileges as the application, amplifying the potential impact.

OoBR-KrishnaG-CEO

2024 CWE Top 25 Most Dangerous Software Weaknesses: Out-of-Bounds Read (CWE-125)

Out-of-Bounds Read occurs when a program reads data past the allocated boundary of a buffer. This behaviour typically arises from improper validation of input data or incorrect indexing in memory operations. By exploiting this weakness, attackers can gain unauthorised access to sensitive information, potentially leading to security violations.

Path-Traversal-Attacks-KrishnaG-CEO

2024 CWE Top 25 Most Dangerous Software Weaknesses: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) CWE-22

Path traversal, also known as directory traversal, is a vulnerability that allows an attacker to access files and directories stored outside the intended directory. By exploiting improper validation of user-supplied input, attackers can manipulate file paths to access sensitive system files, configuration files, or any other data stored on the server.