Remove links to SANS Top 25 CWEs (#3322)

These links are no longer relevant since SANS now just links to CWE, and we already have links to CWEs.
Marco Borgeaud 2023-10-18 15:16:00 +02:00 committed by GitHub
parent c6c104d066
commit 34814f787b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
80 changed files with 0 additions and 91 deletions


@ -69,7 +69,6 @@ When web pages have massively long names like "Java™ Platform, Standard Editio
* Python Documentation - https://docs.python.org/
* React Documentation - https://reactjs.org/
* Rhino Security Labs - https://rhinosecuritylabs.com/
* SANS - https://www.sans.org/
* SAP Documentation - http://help.sap.com/abapdocu_702/en/abenabap.htm
* SonarQube Documentation - https://docs.sonarqube.org/latest/
* Sonar - https://www.sonarsource.com/
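Review bot: the line removed in this hunk is the generic `SANS - https://www.sans.org/` entry of the naming-convention list, not a Top 25 link, so it is only safe to drop if no remaining rule cites SANS at all; please confirm a search for `sans.org` across the rules comes back empty after this commit, otherwise the naming entry should stay.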


@ -39,7 +39,6 @@ void fn ( std::string str )
* MISRA {cpp}:2008, 18-0-5
* https://cwe.mitre.org/data/definitions/120[MITRE, CWE-120] - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
* https://www.sans.org/top25-software-errors/#cat2[SANS Top 25] - Risky Resource Management
ifdef::env-github,rspecator-view[]


@ -37,7 +37,6 @@ scanf("%9s", buffer); // Compliant - will not overflow
* https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[OWASP Top 10 2017 Category A9] - Using Components with Known Vulnerabilities
* https://cwe.mitre.org/data/definitions/120[MITRE, CWE-120] - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
* https://cwe.mitre.org/data/definitions/676[MITRE, CWE-676] - Use of Potentially Dangerous Function
* https://www.sans.org/top25-software-errors/#cat2[SANS Top 25] - Risky Resource Management
ifdef::env-github,rspecator-view[]


@ -35,7 +35,6 @@ gets_s(str, sizeof(str)); // Prevent overflows by enforcing a maximum size for `
* https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[OWASP Top 10 2017 Category A9] - Using Components with Known Vulnerabilities
* https://cwe.mitre.org/data/definitions/676[MITRE, CWE-676] - Use of Potentially Dangerous Function
* https://cwe.mitre.org/data/definitions/119[MITRE, CWE-119] - Improper Restriction of Operations within the Bounds of a Memory Buffer
* https://www.sans.org/top25-software-errors/#cat2[SANS Top 25] - Risky Resource Management
ifdef::env-github,rspecator-view[]


@ -3,4 +3,3 @@
* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection
* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection
* https://cwe.mitre.org/data/definitions/89[MITRE, CWE-89] - SQL Injection
* https://www.sans.org/top25-software-errors/#cat1[SANS Top 25] - Insecure Interaction Between Components
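Review bot: the removed SANS line is the last line of this file (`-3,4 +3,3` with no trailing context), so please check that the file still ends with a newline after the deletion; these `See` fragments are pulled in via Asciidoc `include::`, and a missing final newline would glue the CWE-89 entry onto whatever follows the include. The same check applies to every other hunk in this commit whose deleted line has no trailing context.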


@ -38,7 +38,6 @@ dbi_conn_set_option(conn, "password", password.c_str()); // Compliant
* https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication[OWASP Top 10 2017 Category A2] - Broken Authentication
* https://cwe.mitre.org/data/definitions/798[MITRE, CWE-798] - Use of Hard-coded Credentials
* https://cwe.mitre.org/data/definitions/259[MITRE, CWE-259] - Use of Hard-coded Password
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses
* Derived from FindSecBugs rule https://h3xstream.github.io/find-sec-bugs/bugs.htm#HARD_CODE_PASSWORD[Hard Coded Password]
ifdef::env-github,rspecator-view[]


@ -4,5 +4,4 @@
* https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication[OWASP Top 10 2017 Category A2] - Broken Authentication
* https://cwe.mitre.org/data/definitions/798[MITRE, CWE-798] - Use of Hard-coded Credentials
* https://cwe.mitre.org/data/definitions/259[MITRE, CWE-259] - Use of Hard-coded Password
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses
* Derived from FindSecBugs rule https://h3xstream.github.io/find-sec-bugs/bugs.htm#HARD_CODE_PASSWORD[Hard Coded Password]


@ -3,5 +3,4 @@
* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration
* https://cwe.mitre.org/data/definitions/328[MITRE, CWE-328] - Reversible One-Way Hash
* https://cwe.mitre.org/data/definitions/327[MITRE, CWE-327] - Use of a Broken or Risky Cryptographic Algorithm
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses
* https://shattered.io/[SHAttered] - The first concrete collision attack against SHA-1.


@ -75,7 +75,6 @@ public User getUserHibernate(org.hibernate.Session session, String data) {
* https://cwe.mitre.org/data/definitions/20[MITRE, CWE-20] - Improper Input Validation
* https://cwe.mitre.org/data/definitions/943[MITRE, CWE-943] - Improper Neutralization of Special Elements in Data Query Logic
* https://wiki.sei.cmu.edu/confluence/x/ITdGBQ[CERT, IDS00-J.] - Prevent SQL injection
* https://www.sans.org/top25-software-errors/#cat1[SANS Top 25] - Insecure Interaction Between Components
* Derived from FindSecBugs rules https://h3xstream.github.io/find-sec-bugs/bugs.htm#SQL_INJECTION_JPA[Potential SQL/JPQL Injection (JPA)], https://h3xstream.github.io/find-sec-bugs/bugs.htm#SQL_INJECTION_JDO[Potential SQL/JDOQL Injection (JDO)], https://h3xstream.github.io/find-sec-bugs/bugs.htm#SQL_INJECTION_HIBERNATE[Potential SQL/HQL Injection (Hibernate)]
ifdef::env-github,rspecator-view[]


@ -4,5 +4,4 @@
* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection
* https://cwe.mitre.org/data/definitions/20[MITRE, CWE-20] - Improper Input Validation
* https://cwe.mitre.org/data/definitions/89[MITRE, CWE-89] - Improper Neutralization of Special Elements used in an SQL Command
* https://www.sans.org/top25-software-errors/#cat1[SANS Top 25] - Insecure Interaction Between Components
* Derived from FindSecBugs rules https://h3xstream.github.io/find-sec-bugs/bugs.htm#SQL_INJECTION_JPA[Potential SQL/JPQL Injection (JPA)], https://h3xstream.github.io/find-sec-bugs/bugs.htm#SQL_INJECTION_JDO[Potential SQL/JDOQL Injection (JDO)], https://h3xstream.github.io/find-sec-bugs/bugs.htm#SQL_INJECTION_HIBERNATE[Potential SQL/HQL Injection (Hibernate)]


@ -27,7 +27,6 @@ public class MyServlet extends HttpServlet {
* https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication[OWASP Top 10 2017 Category A2] - Broken Authentication
* https://cwe.mitre.org/data/definitions/807[MITRE, CWE-807] - Reliance on Untrusted Inputs in a Security Decision
* https://cwe.mitre.org/data/definitions/293[MITRE, CWE-293] - Using Referer Field for Authentication
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses
ifdef::env-github,rspecator-view[]


@ -6,4 +6,3 @@
* https://cwe.mitre.org/data/definitions/311[MITRE, CWE-311] - Missing Encryption of Sensitive Data
* https://cwe.mitre.org/data/definitions/315[MITRE, CWE-315] - Cleartext Storage of Sensitive Information in a Cookie
* https://cwe.mitre.org/data/definitions/614[MITRE, CWE-614] - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses


@ -36,7 +36,6 @@ void compliant2() {
* MISRA {cpp}:2008, 5-0-8 - An explicit integral or floating-point conversion shall not increase the size of the underlying type of a cvalue expression.
* https://cwe.mitre.org/data/definitions/190[MITRE, CWE-190] - Integer Overflow or Wraparound
* https://wiki.sei.cmu.edu/confluence/x/I9cxBQ[CERT, INT18-C.] - Evaluate integer expressions in a larger size before comparing or assigning to that size
* https://www.sans.org/top25-software-errors/#cat2[SANS Top 25] - Risky Resource Management
ifdef::env-github,rspecator-view[]


@ -31,7 +31,6 @@ static void Method(float f) { }
== Resources
* https://cwe.mitre.org/data/definitions/190[MITRE, CWE-190] - Integer Overflow or Wraparound
* https://www.sans.org/top25-software-errors/#cat2[SANS Top 25] - Risky Resource Management
ifdef::env-github,rspecator-view[]


@ -65,7 +65,6 @@ public float compute2(float factor){
* https://cwe.mitre.org/data/definitions/190[MITRE, CWE-190] - Integer Overflow or Wraparound
* https://wiki.sei.cmu.edu/confluence/x/AjdGBQ[CERT, NUM50-J.] - Convert integers to floating point for floating-point operations
* https://wiki.sei.cmu.edu/confluence/x/I9cxBQ[CERT, INT18-C.] - Evaluate integer expressions in a larger size before comparing or assigning to that size
* https://www.sans.org/top25-software-errors/#cat2[SANS Top 25] - Risky Resource Management
ifdef::env-github,rspecator-view[]


@ -64,7 +64,6 @@ The compliant example instead uses the server's session ID to verify if the sess
* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design
* https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication[OWASP Top 10 2017 Category A2] - Broken Authentication
* https://cwe.mitre.org/data/definitions/807[MITRE, CWE-807] - Reliance on Untrusted Inputs in a Security Decision
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses
ifdef::env-github,rspecator-view[]


@ -17,7 +17,6 @@ class CustomPasswordHasher(BasePasswordHasher): # Sensitive
* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures
* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
* https://cwe.mitre.org/data/definitions/327[MITRE, CWE-327] - Use of a Broken or Risky Cryptographic Algorithm
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses
ifdef::env-github,rspecator-view[]
'''


@ -3,5 +3,4 @@
* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures
* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
* https://cwe.mitre.org/data/definitions/327[MITRE, CWE-327] - Use of a Broken or Risky Cryptographic Algorithm
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses
* Derived from FindSecBugs rule https://h3xstream.github.io/find-sec-bugs/bugs.htm#CUSTOM_MESSAGE_DIGEST[MessageDigest is Custom]


@ -15,7 +15,6 @@ NullCipher nc = new NullCipher();
* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration
* https://cwe.mitre.org/data/definitions/327[MITRE, CWE-327] - Use of a Broken or Risky Cryptographic Algorithm
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses
ifdef::env-github,rspecator-view[]


@ -5,5 +5,4 @@
* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration
* https://cwe.mitre.org/data/definitions/780[MITRE, CWE-780] - Use of RSA Algorithm without OAEP
* https://cwe.mitre.org/data/definitions/327[MITRE, CWE-327] - Use of a Broken or Risky Cryptographic Algorithm
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses
* Derived from FindSecBugs rule https://h3xstream.github.io/find-sec-bugs/bugs.htm#RSA_NO_PADDING[RSA NoPadding Unsafe]


@ -27,7 +27,6 @@ include::../compliant.adoc[]
* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration
* https://cwe.mitre.org/data/definitions/326[MITRE, CWE-326] - Inadequate Encryption Strength
* https://cwe.mitre.org/data/definitions/327[MITRE, CWE-327] - Use of a Broken or Risky Cryptographic Algorithm
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses
* Derived from FindSecBugs rule https://h3xstream.github.io/find-sec-bugs/bugs.htm#DES_USAGE[DES / DESede Unsafe]
ifdef::env-github,rspecator-view[]


@ -13,7 +13,6 @@ include::../compliant.adoc[]
* https://cwe.mitre.org/data/definitions/326[MITRE, CWE-326] - Inadequate Encryption Strength
* https://cwe.mitre.org/data/definitions/327[MITRE, CWE-327] - Use of a Broken or Risky Cryptographic Algorithm
* https://wiki.sei.cmu.edu/confluence/x/hDdGBQ[CERT, MSC61-J.] - Do not use insecure or weak cryptographic algorithms
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses
* Derived from FindSecBugs rule https://h3xstream.github.io/find-sec-bugs/bugs.htm#DES_USAGE[DES / DESede Unsafe]
ifdef::env-github,rspecator-view[]


@ -4,5 +4,4 @@
* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration
* https://cwe.mitre.org/data/definitions/326[MITRE, CWE-326] - Inadequate Encryption Strength
* https://cwe.mitre.org/data/definitions/327[MITRE, CWE-327] - Use of a Broken or Risky Cryptographic Algorithm
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses
* Derived from FindSecBugs rule https://h3xstream.github.io/find-sec-bugs/bugs.htm#DES_USAGE[DES / DESede Unsafe]


@ -5,4 +5,3 @@
* https://cwe.mitre.org/data/definitions/79[MITRE, CWE-79] - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
* https://cwe.mitre.org/data/definitions/80[MITRE, CWE-80] - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
* https://cwe.mitre.org/data/definitions/352[MITRE, CWE-352] - Cross-Site Request Forgery (CSRF)
* https://www.sans.org/top25-software-errors/#cat1[SANS Top 25] - Insecure Interaction Between Components


@ -41,7 +41,6 @@ This rule checks that values are not written directly into ``++application/json+
* https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[OWASP Top 10 2017 Category A7] - Cross-Site Scripting (XSS)
* https://cwe.mitre.org/data/definitions/79[MITRE, CWE-79] - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
* https://cwe.mitre.org/data/definitions/352[MITRE, CWE-352] - Cross-Site Request Forgery (CSRF)
* https://www.sans.org/top25-software-errors/#cat1[SANS Top 25] - Insecure Interaction Between Components


@ -22,5 +22,4 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) thr
* https://owasp.org/Top10/A04_2021-Insecure_Design/[OWASP Top 10 2021 Category A4] - Insecure Design
* https://cwe.mitre.org/data/definitions/807[MITRE, CWE-807] - Reliance on Untrusted Inputs in a Security Decision
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses


@ -20,7 +20,6 @@ include("http://hackers.com/steal.js") // Noncompliant
* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection
* https://cwe.mitre.org/data/definitions/829[MITRE, CWE-829] - Inclusion of Functionality from Untrusted Control Sphere
* https://www.sans.org/top25-software-errors/#cat2[SANS Top 25] - Risky Resource Management
ifdef::env-github,rspecator-view[]


@ -64,7 +64,6 @@ umask(S_IRWXO); // Compliant: further created files or directories will not have
* https://cwe.mitre.org/data/definitions/732[MITRE, CWE-732] - Incorrect Permission Assignment for Critical Resource
* https://cwe.mitre.org/data/definitions/266[MITRE, CWE-266] - Incorrect Privilege Assignment
* https://wiki.sei.cmu.edu/confluence/display/c/FIO06-C.+Create+files+with+appropriate+access+permissions[CERT, FIO06-C.] - Create files with appropriate access permissions
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses
ifdef::env-github,rspecator-view[]


@ -72,7 +72,6 @@ On operating systems that implement POSIX standard. This will throw a ``++Unsupp
* https://cwe.mitre.org/data/definitions/266[MITRE, CWE-266] - Incorrect Privilege Assignment
* https://wiki.sei.cmu.edu/confluence/display/java/FIO01-J.+Create+files+with+appropriate+access+permissions[CERT, FIO01-J.] - Create files with appropriate access permissions
* https://wiki.sei.cmu.edu/confluence/display/c/FIO06-C.+Create+files+with+appropriate+access+permissions[CERT, FIO06-C.] - Create files with appropriate access permissions
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses
ifdef::env-github,rspecator-view[]


@ -6,4 +6,3 @@
* https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/09-Test_File_Permission[OWASP File Permission]
* https://cwe.mitre.org/data/definitions/732[MITRE, CWE-732] - Incorrect Permission Assignment for Critical Resource
* https://cwe.mitre.org/data/definitions/266[MITRE, CWE-266] - Incorrect Privilege Assignment
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses


@ -23,7 +23,6 @@ char** addOne(char ** cpp, int len) {
== Resources
* https://cwe.mitre.org/data/definitions/131[MITRE, CWE-131] - Incorrect Calculation of Buffer Size
* https://www.sans.org/top25-software-errors/#cat2[SANS Top 25] - Risky Resource Management
ifdef::env-github,rspecator-view[]


@ -5,7 +5,6 @@ include::../rule.adoc[]
* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection
* https://cwe.mitre.org/data/definitions/134[MITRE, CWE-134] - Use of Externally-Controlled Format String
* https://wiki.sei.cmu.edu/confluence/x/RdYxBQ[CERT, FIO30-C.] - Exclude user input from format strings
* https://www.sans.org/top25-software-errors/#cat2[SANS Top 25] - Risky Resource Management
ifdef::env-github,rspecator-view[]


@ -5,7 +5,6 @@ include::../rule.adoc[]
* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection
* https://cwe.mitre.org/data/definitions/134[MITRE, CWE-134] - Use of Externally-Controlled Format String
* https://wiki.sei.cmu.edu/confluence/x/RdYxBQ[CERT, FIO30-C.] - Exclude user input from format strings
* https://www.sans.org/top25-software-errors/#cat2[SANS Top 25] - Risky Resource Management
ifdef::env-github,rspecator-view[]


@ -4,7 +4,6 @@ include::../rule.adoc[]
* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection
* https://cwe.mitre.org/data/definitions/134[MITRE, CWE-134] - Use of Externally-Controlled Format String
* https://www.sans.org/top25-software-errors/#cat2[SANS Top 25] - Risky Resource Management
ifdef::env-github,rspecator-view[]


@ -4,4 +4,3 @@
* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
* https://cheatsheetseries.owasp.org/cheatsheets/Web_Service_Security_Cheat_Sheet.html#user-authentication[OWASP Web Service Security Cheat Sheet]
* https://cwe.mitre.org/data/definitions/522[MITRE, CWE-522] - Insufficiently Protected Credentials
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses


@ -77,7 +77,6 @@ No issue will be raised when ``++CALL TRANSACTION++`` is followed by ``++WITHOUT
* https://owasp.org/www-project-top-ten/2017/A2_2017-Broken_Authentication[OWASP Top 10 2017 Category A2] - Broken Authentication
* https://cwe.mitre.org/data/definitions/285[MITRE, CWE-285] - Improper Authorization
* https://cwe.mitre.org/data/definitions/862[MITRE, CWE-862] - Missing Authorization
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses
ifdef::env-github,rspecator-view[]


@ -4,5 +4,4 @@
* https://owasp.org/www-community/HttpOnly[OWASP HttpOnly]
* https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[OWASP Top 10 2017 Category A7] - Cross-Site Scripting (XSS)
* https://cwe.mitre.org/data/definitions/1004[MITRE, CWE-1004] - Sensitive Cookie Without 'HttpOnly' Flag
* https://www.sans.org/top25-software-errors/#cat1[SANS Top 25] - Insecure Interaction Between Components
* Derived from FindSecBugs rule https://find-sec-bugs.github.io/bugs.htm#HTTPONLY_COOKIE[HTTPONLY_COOKIE]


@ -31,7 +31,6 @@ allow_url_include=0
* https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/[OWASP Top 10 2021 Category A8] - Software and Data Integrity Failures
* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection
* https://cwe.mitre.org/data/definitions/829[MITRE, CWE-829] - Inclusion of Functionality from Untrusted Control Sphere
* https://www.sans.org/top25-software-errors/#cat2[SANS Top 25] - Risky Resource Management
ifdef::env-github,rspecator-view[]


@ -28,7 +28,6 @@ file_uploads=0
* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration
* https://cwe.mitre.org/data/definitions/434[MITRE, CWE-434] - Unrestricted Upload of File with Dangerous Type
* https://www.sans.org/top25-software-errors/#cat1[SANS Top 25] - Insecure Interaction Between Components
ifdef::env-github,rspecator-view[]


@ -2,4 +2,3 @@
* https://blog.sonarsource.com/exploiting-hibernate-injections/[SonarSource, Exploiting Hibernate Injections]
* https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html[OWASP, SQL Injection Prevention Cheat Sheet]
* https://www.sans.org/top25-software-errors/#cat1[SANS, Top 25 Software Errors] - Insecure Interaction Between Components
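Review bot: this file labelled the entry `SANS, Top 25 Software Errors` rather than the `SANS Top 25` wording used everywhere else, which suggests the sweep was done by URL rather than by label; that is the right approach, but it also means any SANS reference that does not use the `top25-software-errors` URL would have been missed, so a final search for `sans.org` across the rules is worth running before merge.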


@ -40,7 +40,6 @@ String delete2(@RequestParam("id") String id) {
* https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A5-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control
* https://cwe.mitre.org/data/definitions/352[MITRE, CWE-352] - Cross-Site Request Forgery (CSRF)
* https://owasp.org/www-community/attacks/csrf[OWASP: Cross-Site Request Forgery]
* https://www.sans.org/top25-software-errors/#cat1[SANS Top 25] - Insecure Interaction Between Components
* https://docs.spring.io/spring-security/site/docs/5.0.x/reference/html/csrf.html#csrf-use-proper-verbs[Spring Security Official Documentation: Use proper HTTP verbs (CSRF protection)]


@ -83,7 +83,6 @@ def view():
* https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A5-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control
* https://cwe.mitre.org/data/definitions/352[MITRE, CWE-352] - Cross-Site Request Forgery (CSRF)
* https://owasp.org/www-community/attacks/csrf[OWASP: Cross-Site Request Forgery]
* https://www.sans.org/top25-software-errors/#cat1[SANS Top 25] - Insecure Interaction Between Components
* https://docs.djangoproject.com/en/3.1/topics/http/decorators/#allowed-http-methods[Django] - Allowed HTTP Methods
* https://flask.palletsprojects.com/en/1.1.x/quickstart/#http-methods[Flask] - HTTP Methods


@ -3,4 +3,3 @@
* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures
* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration
* https://cwe.mitre.org/data/definitions/327[MITRE, CWE-327] - Use of a Broken or Risky Cryptographic Algorithm
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses


@ -28,7 +28,6 @@ AesManaged aes = new AesManaged
* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration
* https://cwe.mitre.org/data/definitions/327[MITRE, CWE-327] - Use of a Broken or Risky Cryptographic Algorithm
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses
* https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf[Recommendation for Block Cipher Modes of Operation]
* Derived from FindSecBugs rule https://find-sec-bugs.github.io/bugs.htm#ECB_MODE[ECB_MODE]
* Derived from FindSecBugs rule https://find-sec-bugs.github.io/bugs.htm#PADDING_ORACLE[PADDING_ORACLE]


@ -30,7 +30,6 @@ Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration
* https://cwe.mitre.org/data/definitions/327[MITRE, CWE-327] - Use of a Broken or Risky Cryptographic Algorithm
* https://wiki.sei.cmu.edu/confluence/x/hDdGBQ[CERT, MSC61-J.] - Do not use insecure or weak cryptographic algorithms
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses
* https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf[Recommendation for Block Cipher Modes of Operation]
* Derived from FindSecBugs rule https://find-sec-bugs.github.io/bugs.htm#ECB_MODE[ECB_MODE]
* Derived from FindSecBugs rule https://find-sec-bugs.github.io/bugs.htm#PADDING_ORACLE[PADDING_ORACLE]


@ -4,4 +4,3 @@
* https://cwe.mitre.org/data/definitions/352[MITRE, CWE-352] - Cross-Site Request Forgery (CSRF)
* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration
* https://owasp.org/www-community/attacks/csrf[OWASP: Cross-Site Request Forgery]
* https://www.sans.org/top25-software-errors/#cat1[SANS Top 25] - Insecure Interaction Between Components


@ -7,6 +7,3 @@
* https://cwe.mitre.org/data/definitions/352[MITRE, CWE-352] - Cross-Site Request Forgery (CSRF)
* https://cwe.mitre.org/data/definitions/79[MITRE, CWE-79] - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
* https://cwe.mitre.org/data/definitions/22[MITRE, CWE-22] - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
* https://www.sans.org/top25-software-errors/#cat1[SANS Top 25] - Insecure Interaction Between Components
* https://www.sans.org/top25-software-errors/#cat2[SANS Top 25] - Risky Resource Management
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses
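Review bot: all three SANS category lines (cat1, cat2, cat3) go in this one hunk and the header count `-7,6 +7,3` matches three deletions; the retained CWE-352, CWE-79 and CWE-22 entries already name the individual weaknesses those three categories grouped, so the See list loses no mapping here.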


@ -53,7 +53,6 @@ Parameterless methods marked with ``++System.Web.Mvc.HttpPostAttribute++`` will
* https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[OWASP Top 10 2017 Category A7] - Cross-Site Scripting (XSS)
* https://cwe.mitre.org/data/definitions/79[MITRE, CWE-79] - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
* https://www.sans.org/top25-software-errors/#cat1[SANS Top 25] - Insecure Interaction Between Components
* https://www.owasp.org/index.php/ASP.NET_Request_Validation[OWASP ASP.NET Request Validation]


@ -3,4 +3,3 @@
* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection
* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection
* https://cwe.mitre.org/data/definitions/78[MITRE, CWE-78] - Improper Neutralization of Special Elements used in an OS Command
* https://www.sans.org/top25-software-errors/#cat1[SANS Top 25] - Insecure Interaction Between Components


@ -9,4 +9,3 @@
* https://cwe.mitre.org/data/definitions/325[MITRE, CWE-325] - Missing Required Cryptographic Step
* https://cwe.mitre.org/data/definitions/326[MITRE, CWE-326] - Inadequate Encryption Strength
* https://cwe.mitre.org/data/definitions/327[MITRE, CWE-327] - Use of a Broken or Risky Cryptographic Algorithm
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses


@ -6,4 +6,3 @@
* https://mobile-security.gitbook.io/masvs/security-requirements/0x08-v3-cryptography_verification_requirements[Mobile AppSec Verification Standard] - Cryptography Requirements
* https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[OWASP Mobile Top 10 2016 Category M5] - Insufficient Cryptography
* https://cwe.mitre.org/data/definitions/1240[MITRE, CWE-1240] - Use of a Risky Cryptographic Primitive
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses


@ -5,4 +5,3 @@
* https://owasp.org/www-project-top-ten/2017/A10_2017-Insufficient_Logging%2526Monitoring[OWASP Top 10 2017 Category A10] - Insufficient Logging & Monitoring
* https://cwe.mitre.org/data/definitions/117[MITRE, CWE-117] - Improper Output Neutralization for Logs
* https://cwe.mitre.org/data/definitions/532[MITRE, CWE-532] - Information Exposure Through Log Files
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses


@ -145,8 +145,6 @@ For example we highlight new ``++File(String parent, String child)++`` but not n
* https://wiki.sei.cmu.edu/confluence/x/qDZGBQ[CERT, FIO01-J.] - Create files with appropriate access permissions
* https://wiki.sei.cmu.edu/confluence/x/B9cxBQ[CERT, FIO06-C.] - Create files with appropriate access permissions
* https://wiki.sei.cmu.edu/confluence/display/c/FIO22-C.+Close+files+before+spawning+processes[CERT, FIO22-C.] Close files before spawning processes
* https://www.sans.org/top25-software-errors/#cat2[SANS Top 25] - Risky Resource Management
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses
ifdef::env-github,rspecator-view[]
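Review bot: while this list is being touched, the `[CERT, FIO22-C.] Close files before spawning processes` context line is missing the ` - ` separator that the FIO01-J and FIO06-C lines just above it use before their titles; worth fixing in the same commit so the rendered Resources list stays uniform. The two-line deletion itself matches the `-8 +6` header.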


@ -8,5 +8,3 @@
* https://cwe.mitre.org/data/definitions/400[MITRE, CWE-400] - Uncontrolled Resource Consumption ('Resource Exhaustion')
* https://cwe.mitre.org/data/definitions/538[MITRE, CWE-538] - File and Directory Information Exposure
* https://cwe.mitre.org/data/definitions/403[MITRE, CWE-403] - Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')
* https://www.sans.org/top25-software-errors/#cat2[SANS Top 25] - Risky Resource Management
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses


@ -4,5 +4,3 @@
* https://cwe.mitre.org/data/definitions/20[MITRE, CWE-20] - Improper Input Validation
* https://cwe.mitre.org/data/definitions/400[MITRE, CWE-400] - Uncontrolled Resource Consumption ('Resource Exhaustion')
* https://cwe.mitre.org/data/definitions/200[MITRE, CWE-200] - Exposure of Sensitive Information to an Unauthorized Actor
* https://www.sans.org/top25-software-errors/#cat2[SANS Top 25] - Risky Resource Management
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses


@ -3,4 +3,3 @@
* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection
* https://cwe.mitre.org/data/definitions/88[MITRE, CWE-88] - Argument Injection or Modification
* https://cwe.mitre.org/data/definitions/214[MITRE, CWE-214] - Information Exposure Through Process Environment
* https://www.sans.org/top25-software-errors/#cat1[SANS Top 25] - Insecure Interaction Between Components


@ -1,7 +1,6 @@
== See
* https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses
* https://cwe.mitre.org/data/definitions/276[MITRE, CWE-276] - Incorrect Default Permissions
* https://cwe.mitre.org/data/definitions/732[MITRE, CWE-732] - Incorrect Permission Assignment for Critical Resource
* https://cwe.mitre.org/data/definitions/668[MITRE, CWE-668] - Exposure of Resource to Wrong Sphere


@ -8,4 +8,3 @@
* https://cheatsheetseries.owasp.org/cheatsheets/HTML5_Security_Cheat_Sheet.html#cross-origin-resource-sharing[OWASP HTML5 Security Cheat Sheet] - Cross Origin Resource Sharing
* https://cwe.mitre.org/data/definitions/346[MITRE, CWE-346] - Origin Validation Error
* https://cwe.mitre.org/data/definitions/942[MITRE, CWE-942] - Overly Permissive Cross-domain Whitelist
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses

View File

@ -4,4 +4,3 @@
* https://www.owasp.org/index.php/HTTP_Response_Splitting[OWASP Attack Category] - HTTP Response Splitting
* https://cwe.mitre.org/data/definitions/20[MITRE, CWE-20] - Improper Input Validation
* https://cwe.mitre.org/data/definitions/113[MITRE, CWE-113] - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
* https://www.sans.org/top25-software-errors/#cat1[SANS Top 25] - Insecure Interaction Between Components

View File

@ -4,4 +4,3 @@
* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection
* https://cwe.mitre.org/data/definitions/93[MITRE, CWE-93] - Improper Neutralization of CRLF Sequences ('CRLF Injection')
* https://cwe.mitre.org/data/definitions/80[MITRE, CWE-80] - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
* https://www.sans.org/top25-software-errors/#cat1[SANS Top 25] - Insecure Interaction Between Components

View File

@ -4,5 +4,4 @@
* https://owasp.org/www-project-mobile-top-10/2016-risks/m1-improper-platform-usage[OWASP Mobile Top 10 2016 Category M1] - Improper Platform Usage
* https://cwe.mitre.org/data/definitions/925[MITRE, CWE-925] - Improper Verification of Intent by Broadcast Receiver
* https://cwe.mitre.org/data/definitions/926[MITRE, CWE-926] - Improper Export of Android Application Components
* https://www.sans.org/top25-software-errors/#cat1[SANS Top 25] - Insecure Interaction Between Components
* https://developer.android.com/guide/components/broadcasts.html#restricting_broadcasts_with_permissions[Android documentation] - Broadcast Overview - Security considerations and best practices

View File

@ -5,5 +5,3 @@
* https://mobile-security.gitbook.io/masvs/security-requirements/0x07-v2-data_storage_and_privacy_requirements[Mobile AppSec Verification Standard] - Data Storage and Privacy Requirements
* https://owasp.org/www-project-mobile-top-10/2016-risks/m2-insecure-data-storage[OWASP Mobile Top 10 2016 Category M2] - Insecure Data Storage
* https://cwe.mitre.org/data/definitions/312[MITRE, CWE-312] - Cleartext Storage of Sensitive Information
* https://www.sans.org/top25-software-errors/#cat2[SANS Top 25] - Risky Resource Management
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses

View File

@ -64,7 +64,6 @@ public class SSLTLSValidation extends WebViewClient {
* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration
* https://cwe.mitre.org/data/definitions/295[MITRE, CWE-295] - Improper Certificate Validation
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses
ifdef::env-github,rspecator-view[]

View File

@ -4,4 +4,3 @@
* https://www.owasp.org/index.php/Top_10-2017_A1-Injection[OWASP Top 10 2017 Category A1] - Injection
* https://cwe.mitre.org/data/definitions/20[MITRE, CWE-20] - Improper Input Validation
* https://cwe.mitre.org/data/definitions/95[MITRE, CWE-95] - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
* https://www.sans.org/top25-software-errors/#cat2[SANS Top 25] - Risky Resource Management
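Review bot: Out of scope for this removal, but the remaining context line links OWASP Top 10 2017 A1 through the legacy wiki URL `https://www.owasp.org/index.php/Top_10-2017_A1-Injection`, while the other rules touched in this commit use `https://owasp.org/www-project-top-ten/2017/A1_2017-Injection` for the same category; the HTTP Response Splitting hunk above has the same `www.owasp.org/index.php/...` form. Worth aligning the `index.php` links to the current `owasp.org/www-project-*` addresses in a follow-up.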

View File

@ -103,7 +103,6 @@ client-side front-ends.
* https://cwe.mitre.org/data/definitions/97[MITRE, CWE-97] - Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
* https://cwe.mitre.org/data/definitions/98[MITRE, CWE-98] - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
* https://cwe.mitre.org/data/definitions/829[MITRE, CWE-829] - Inclusion of Functionality from Untrusted Control Sphere
* https://www.sans.org/top25-software-errors/#cat2[SANS Top 25] - Risky Resource Management
ifdef::env-github,rspecator-view[]

View File

@ -79,7 +79,6 @@ The ``BCryptPasswordEncoder`` is a password hashing function in Java that is des
* https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
* https://cwe.mitre.org/data/definitions/256[MITRE, CWE-256] - Plaintext Storage of a Password
* https://cwe.mitre.org/data/definitions/916[MITRE, CWE-916] - Use of Password Hash With Insufficient Computational Effort
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses
ifdef::env-github,rspecator-view[]

View File

@ -56,7 +56,6 @@ public class My {
* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection
* https://cwe.mitre.org/data/definitions/20[MITRE, CWE-20] - Improper Input Validation
* https://cwe.mitre.org/data/definitions/89[MITRE, CWE-89] - Improper Neutralization of Special Elements used in an SQL Command
* https://www.sans.org/top25-software-errors/#cat1[SANS Top 25] - Insecure Interaction Between Components
ifdef::env-github,rspecator-view[]

View File

@ -54,7 +54,6 @@ env = Environment(autoescape=True) # Compliant
* https://cwe.mitre.org/data/definitions/85[MITRE, CWE-85] - Doubled Character XSS Manipulations
* https://cwe.mitre.org/data/definitions/86[MITRE, CWE-86] - Improper Neutralization of Invalid Characters in Identifiers in Web Pages
* https://cwe.mitre.org/data/definitions/87[MITRE, CWE-87] - Improper Neutralization of Alternate XSS Syntax
* https://www.sans.org/top25-software-errors/#cat1[SANS Top 25] - Insecure Interaction Between Components

View File

@ -3,4 +3,3 @@
* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures
* https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration
* https://cwe.mitre.org/data/definitions/327[MITRE, CWE-327] - Use of a Broken or Risky Cryptographic Algorithm
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses

View File

@ -3,4 +3,3 @@
* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures
* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
* https://cwe.mitre.org/data/definitions/327[MITRE, CWE-327] - Use of a Broken or Risky Cryptographic Algorithm
* https://www.sans.org/top25-software-errors/#cat3[SANS Top 25] - Porous Defenses

View File

@ -3,4 +3,3 @@
* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection
* https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)[OWASP Top 10 2017 Category A7] - Cross-Site Scripting (XSS)
* https://cwe.mitre.org/data/definitions/79[MITRE, CWE-79] - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
* https://www.sans.org/top25-software-errors/#cat1[SANS Top 25] - Insecure Interaction Between Components

View File

@ -4,4 +4,3 @@
* OWASP - https://owasp.org/www-project-top-ten/2017/A8_2017-Insecure_Deserialization[Top 10 2017 Category A8 - Insecure Deserialization]
* CWE - https://cwe.mitre.org/data/definitions/134[CWE-134 - Use of Externally-Controlled Format String]
* CWE - https://cwe.mitre.org/data/definitions/502[CWE-502 - Deserialization of Untrusted Data]
* SANS - https://www.sans.org/top25-software-errors/#cat2[Top 25 - Risky Resource Management]
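Review bot: Style only, outside this change: the entries kept in this hunk use the `* OWASP - url[Top 10 2017 Category A8 - ...]` and `* CWE - url[CWE-134 - ...]` form, whereas the other rules in this commit write `* url[MITRE, CWE-134] - Use of Externally-Controlled Format String`, with the source in the brackets and the title after the dash. Converting these three entries to the majority form would keep the rendered reference lists uniform across rules.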

View File

@ -53,7 +53,6 @@ sprintf(buf, "%s", message);{code}
* https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities[OWASP Top 10 2017 Category A9] - Using Components with Known Vulnerabilities
* https://cwe.mitre.org/data/definitions/676[MITRE, CWE-676] - Use of Potentially Dangerous Function
* https://cwe.mitre.org/data/definitions/119[MITRE, CWE-119] - Improper Restriction of Operations within the Bounds of a Memory Buffer
* https://www.sans.org/top25-software-errors/#cat2[SANS Top 25] - Risky Resource Management
ifdef::env-github,rspecator-view[]
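Review bot: The hunk header's context line `sprintf(buf, "%s", message);{code}` still carries a `{code}` closing marker left over from the old Jira-style markup, so that code sample will render the literal `{code}` text; it is untouched by this change, but the sample should be turned into an AsciiDoc listing block in a follow-up.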

View File

@ -4,4 +4,3 @@
* https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control
* https://cwe.mitre.org/data/definitions/20[MITRE, CWE-20] - Improper Input Validation
* https://cwe.mitre.org/data/definitions/601[MITRE, CWE-601] - URL Redirection to Untrusted Site ('Open Redirect')
* https://www.sans.org/top25-software-errors/#cat2[SANS Top 25] - Risky Resource Management

View File

@ -1,3 +0,0 @@
=== Articles & blog posts
* https://www.sans.org/top25-software-errors/#cat1[SANS, Top 25 Software Errors] - Insecure Interaction Between Components
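Review bot: Deleting this file is only safe if every `include::../common/resources/articles.adoc[]` goes with it, since Asciidoctor reports an unresolved include for each reference to a missing file; the three `== Resources` hunks that follow drop it for the dotnet, java-se and core variants, but a repository-wide search for that include path should confirm no other language variant of the rule still pulls it in.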

View File

@ -11,8 +11,6 @@ include::how-to-fix-it/dotnet.adoc[]
== Resources
include::../common/resources/articles.adoc[]
include::../common/resources/standards.adoc[]
ifdef::env-github,rspecator-view[]

View File

@ -10,8 +10,6 @@ include::how-to-fix-it/java-se.adoc[]
== Resources
include::../common/resources/articles.adoc[]
include::../common/resources/standards.adoc[]

View File

@ -10,8 +10,6 @@ include::how-to-fix-it/core.adoc[]
== Resources
include::../common/resources/articles.adoc[]
include::../common/resources/standards.adoc[]
ifdef::env-github,rspecator-view[]

View File

@ -3,5 +3,4 @@
* https://owasp.org/Top10/A03_2021-Injection/[OWASP Top 10 2021 Category A3] - Injection
* https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[OWASP Top 10 2017 Category A1] - Injection
* https://cwe.mitre.org/data/definitions/88[MITRE, CWE-88] - Argument Injection or Modification
* https://www.sans.org/top25-software-errors/#cat1[SANS Top 25] - Insecure Interaction Between Components
* https://blog.sonarsource.com/php-supply-chain-attack-on-composer[CVE-2021-29472] - PHP Supply Chain Attack on Composer
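Review bot: Style point on the unchanged last entry: `[CVE-2021-29472]` as the link text labels a blog.sonarsource.com post with a CVE identifier, while every other entry in this list names the source in the brackets (`[OWASP Top 10 2021 Category A3]`, `[MITRE, CWE-88]`) and puts the subject after the dash; `[Sonar Blog] - CVE-2021-29472: PHP Supply Chain Attack on Composer` would read consistently with the rest.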

View File

@ -2,4 +2,3 @@
* MITRE - https://cwe.mitre.org/data/definitions/798[CWE-798 - Use of Hard-coded Credentials]
* MITRE - https://cwe.mitre.org/data/definitions/259[CWE-259 - Use of Hard-coded Password]
* SANS - https://www.sans.org/top25-software-errors/#cat3[TOP 25 Most Dangerous Software Errors]