Exposure-Sensitive-Info-KrishnaG-CEO

2024 CWE Top 25 Most Dangerous Software Weaknesses: Exposure of Sensitive Information to an Unauthorised Actor (CWE-200)

CWE-200 refers to a software flaw where sensitive information—such as personal data, proprietary business details, or system configurations—is unintentionally exposed to individuals or entities without proper authorisation. This weakness typically results from poor implementation of access controls, inadequate data masking, or flawed logic in data-handling processes.

Privilege-Mgmt-KrishnaG-CEO

2024 CWE Top 25 Most Dangerous Software Weaknesses: Improper Privilege Management (CWE-269)

Improper Privilege Management, as classified under CWE-269, occurs when a software application improperly manages or enforces access control policies, allowing unauthorised users to perform restricted actions. This weakness can lead to severe consequences, such as data breaches, privilege escalation, and compromise of system integrity.

Missing-Authorisation-KrishnaG-CEO

2024 CWE Top 25 Most Dangerous Software Weaknesses: Missing Authorisation (CWE-862)

Missing Authorisation, identified by CWE-862, refers to a software weakness where an application fails to verify if a user is permitted to access specific resources or perform certain actions. While authentication establishes identity, authorisation ensures that the authenticated user has the necessary permissions. When authorisation is missing, attackers can exploit this oversight to access sensitive data, perform unauthorised transactions, or disrupt services.