In the real world, there isn’t a definitive list of the top security vulnerabilities. Every application at every organization has its own set of unique security issues. But the high-risk and common weaknesses and flaws described by OWASP (including the OWASP Top 10 2017 and the OWASP Top 10 Mobile) and MITRE (CWE Top 25), among others, are a good start. These lists cover a range of software environments, including web apps and mobile apps, which account for the majority of enterprise applications. Types of vulnerabilities are chosen based on many criteria, such as how common the threats are, how easy they are to detect and remediate, and their potential technical and business impacts.
We can’t tell you which software flaws will pose the greatest threat to your business in 2019. And we can’t tell you which ones are most likely to cause the next data breach. Instead, we’ve chosen 10 common types of security vulnerabilities where you’ll see a high rate of return for your remediation efforts. These application risks are widespread among web apps and mobile apps and are easy to exploit. But many can be detected using automated tools such as static analysis, without the need for extensive manual code review. And with the right guidance, they can be cheap to remediate. In other words, these common software flaws and weaknesses are low-hanging fruit not only for attackers but also for developers—even those with limited application security resources.
In no particular order, here’s our top 10 software vulnerability list for 2019.