Fortinet white logo
Fortinet white logo

Top SANS Risks

Top SANS Risks

The SANS category based statistics found on the scanned asset are displayed on the chart. The category based statistics displayed on the chart represent the total number of vulnerabilities found (center of the chart) with each wedge of the chart representing the count/percentage of vulnerabilities. Clicking on this chart brings up a tabular view of the vulnerabilities categorized as Critical, High, Medium, and Low.

Currently, 15 out of the SANS top 25 vulnerabilities are supported. The supported SANS categories are:

ID

Name

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') XSS

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-20

Improper Input Validation

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-352

Cross-Site Request Forgery (CSRF)

CWE-434

Unrestricted Upload of File with Dangerous Type

CWE-502

Deserialization of Untrusted Data

CWE-287

Improper Authentication

CWE-862

Missing Authorization

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-306

Missing Authentication for Critical Function

CWE-918

Server-Side Request Forgery (SSRF)

CWE-611

Improper Restriction of XML External Entity Reference

CWE-94

Improper Control of Generation of Code ('Code Injection')

Top SANS Risks

Top SANS Risks

The SANS category based statistics found on the scanned asset are displayed on the chart. The category based statistics displayed on the chart represent the total number of vulnerabilities found (center of the chart) with each wedge of the chart representing the count/percentage of vulnerabilities. Clicking on this chart brings up a tabular view of the vulnerabilities categorized as Critical, High, Medium, and Low.

Currently, 15 out of the SANS top 25 vulnerabilities are supported. The supported SANS categories are:

ID

Name

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') XSS

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-20

Improper Input Validation

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-352

Cross-Site Request Forgery (CSRF)

CWE-434

Unrestricted Upload of File with Dangerous Type

CWE-502

Deserialization of Untrusted Data

CWE-287

Improper Authentication

CWE-862

Missing Authorization

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-306

Missing Authentication for Critical Function

CWE-918

Server-Side Request Forgery (SSRF)

CWE-611

Improper Restriction of XML External Entity Reference

CWE-94

Improper Control of Generation of Code ('Code Injection')