SANS has updated its Top 20 Internet Vulnrabilities list.

This SANS Top-20 2005 is a marked deviation from the previous Top-20 lists. In addition to Windows and UNIX categories, we have also included Cross-Platform Applications and Networking Products. The change reflects the dynamic nature of the evolving threat landscape. Unlike the previous Top-20 lists, this list is not “cumulative” in nature. We have only listed critical vulnerabilities from the past year and a half or so. If you have not patched your systems for a length of time, it is highly recommended that you first patch the vulnerabilities listed in the Top-20 2004 list.

The 20 covers the following:

Top Vulnerabilities in Windows Systems

* W1. Windows Services
* W2. Internet Explorer
* W3. Windows Libraries
* W4. Microsoft Office and Outlook Express
* W5. Windows Configuration Weaknesses

Top Vulnerabilities in Cross-Platform Applications

* C1. Backup Software
* C2. Anti-virus Software
* C3. PHP-based Applications
* C4. Database Software
* C5. File Sharing Applications
* C6. DNS Software
* C7. Media Players
* C8. Instant Messaging Applications
* C9. Mozilla and Firefox Browsers
* C10. Other Cross-platform Applications

Top Vulnerabilities in UNIX Systems

* U1. UNIX Configuration Weaknesses
* U2. Mac OS X

Top Vulnerabilities in Networking Products

* N1. Cisco IOS and non-IOS Products
* N2. Juniper, CheckPoint and Symantec Products
* N3. Cisco Devices Configuration Weaknesses

SANS Top 20 Vulnerabilities - The Experts Consensus

If you are in IT professionally it is worth reading this through.

Related Posts: