Nous utilisons des cookies pour améliorer votre expérience de navigation. En savoir plus
Accepter
to the top
close form

Remplissez le formulaire ci‑dessous en 2 étapes simples :

Vos coordonnées :

Étape 1
Félicitations ! Voici votre code promo !

Type de licence souhaité :

Étape 2
Team license
Enterprise licence
** En cliquant sur ce bouton, vous déclarez accepter notre politique de confidentialité
close form
Demandez des tarifs
Nouvelle licence
Renouvellement de licence
--Sélectionnez la devise--
USD
EUR
* En cliquant sur ce bouton, vous déclarez accepter notre politique de confidentialité

close form
La licence PVS‑Studio gratuit pour les spécialistes Microsoft MVP
close form
Pour obtenir la licence de votre projet open source, s’il vous plait rempliez ce formulaire
* En cliquant sur ce bouton, vous déclarez accepter notre politique de confidentialité

close form
I am interested to try it on the platforms:
* En cliquant sur ce bouton, vous déclarez accepter notre politique de confidentialité

close form
check circle
Votre message a été envoyé.

Nous vous répondrons à


Si l'e-mail n'apparaît pas dans votre boîte de réception, recherchez-le dans l'un des dossiers suivants:

  • Promotion
  • Notifications
  • Spam

Webinar: C++ semantics - 06.11

>
>
>
Classification of PVS-Studio warnings a…

Classification of PVS-Studio warnings according to 2023 CWE Top 25 Most Dangerous Software Weaknesses

CWE Top 25 Most Dangerous Software Weaknesses is a list of the most dangerous and common software weaknesses. These software weaknesses are dangerous because someone can easily find and exploit them. Attackers can use them to disrupt the application's operation, steal data or even completely take over a system. CWE Top 25 Most Dangerous Software Weaknesses is a significant community resource. It helps developers, testers, users, project managers, security researchers and teachers. They use this list to get an idea of the most common and dangerous security defects now.

Below is a table of correspondence between the CWE Top 25 Most Dangerous Software Weaknesses 2023 list and the PVS-Studio diagnostics, divided by programming languages.

PVS-Studio has diagnostic rules for detecting 16/25 (64%) of the listed types of vulnerabilities.

#

CWE ID

Name

PVS-Studio Diagnostics

1

CWE‑787

Out-of-bounds Write

C++: V512, V557, V582, V645

C#: V3106, V3199

Java: V6025

2

CWE‑79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

C#: V5610

3

CWE‑89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

C#: V5608

4

CWE‑416

Use After Free

C++: V623, V723, V758, V774, V1017

5

CWE‑78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

C++: V1010, V5009

C#: V5616

6

CWE‑20

Improper Input Validation

C++: V739, V781, V1010, V1024, V1111, V5009

7

CWE‑125

Out-of-bounds Read

C++: V512, V557, V582

C#: V3106, V3199

Java: V6025

8

CWE‑22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

C#: V5609, V5628

9

CWE‑352

Cross-Site Request Forgery (CSRF)

Coming in the future.

10

CWE‑434

Unrestricted Upload of File with Dangerous Type

Coming in the future.

11

CWE‑862

Missing Authorization

Coming in the future.

12

CWE‑476

NULL Pointer Dereference

C++: V522, V595, V664, V713, V1004

C#: V3027, V3042, V3080, V3095, V3100, V3125, V3145, V3146, V3148, V3149, V3153, V3168, V3195

Java: V6008, V6060, V6093

13

CWE‑287

Improper Authentication

Coming in the future.

14

CWE‑190

Integer Overflow or Wraparound

C++: V629, V658, V673, V683, V1026, V1028, V1081, V1083, V1085, V5004, V5005, V5006, V5007, V5010, V5011

C#: V3113, V3200

Java: V5308, V6105, V6117

15

CWE‑502

Deserialization of Untrusted Data

C#: V5611

16

CWE‑77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

C#: V5616

17

CWE‑119

Improper Restriction of Operations within the Bounds of a Memory Buffer

C++: V512, V557, V582, V769, V783, V1004, V1086

18

CWE‑798

Use of Hard-coded Credentials

C++: V5013

C#: V5601

Java: V5305

19

CWE‑918

Server-Side Request Forgery (SSRF)

C#: V5618

20

CWE‑306

Missing Authentication for Critical Function

Coming in the future.

21

CWE‑362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Coming in the future.

22

CWE‑269

Improper Privilege Management

Coming in the future.

23

CWE‑94

Improper Control of Generation of Code ('Code Injection')

C++: V1076

24

CWE‑863

Incorrect Authorization

Coming in the future.

25

CWE‑276

Incorrect Default Permissions

Coming in the future.