Category-1005: 7PK-输入验证和表示
ID: 1005
Status: Draft
Summary
This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses that exist when an application does not properly validate or represent input. According to the authors of the Seven Pernicious Kingdoms, "Input validation and representation problems are caused by metacharacters, alternate encodings and numeric representations. Security problems result from trusting input."
Membership
ID | NAME |
---|---|
CWE-20 | 输入验证不恰当 |
CWE-77 | 在命令中使用的特殊元素转义处理不恰当(命令注入) |
CWE-79 | 在Web页面生成时对输入的转义处理不恰当(跨站脚本) |
CWE-89 | SQL命令中使用的特殊元素转义处理不恰当(SQL注入) |
CWE-99 | 对资源描述符的控制不恰当(资源注入) |
References
REF-6 Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors
文章来源于互联网:scap中文网
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论