SANS Top 25 Report

The Invicti web application security scanner incorporates several common industry vulnerability standards and protocols. The latest to be added in the Invicti Standard 5.6 January 2020 Update is the SANS Top 25.

In the Invicti Standard 5.6 January 2020 Update, we introduced a new SANS Top 25 Report.

SANS Top 25 is a list of the Common Weakness Enumeration's (CWE) most dangerous software errors. These errors can result in severe vulnerabilities that allow attackers to steal data, completely take over applications, or prevent them from working at all.

The list is based on Common Vulnerabilities and Exposures (CVE) data, information from the National Vulnerability Database (NVD) and from the Common Vulnerability Scoring System (CVSS). Contributors come from across the software industry.

When creating a new scan in Invicti Standard, you can select the SANS Top 25 Checks scan policy from the Scan Policy dropdown in the Start a New Website or Web Service Scan dialog. This ensures that Invicti scans for these vulnerabilities.

Once a scan has been completed, SANS Top 25 issues are displayed as shown in the SANS Top 25 Report.

For further information, see Report Templates and What Errors Are Included in the Top 25 Software Errors? For further information on other features in this release, see Invicti Standard 5.6 – January 2020 Update.