View-711: Weaknesses in OWASP Top Ten (2004)

admin 2022年1月14日11:42:59CWE(弱点枚举)评论12 views2120字阅读7分4秒阅读模式

View-711: Weaknesses in OWASP Top Ten (2004)

ID: 711

Type: Graph

Status: Obsolete

Objective

CWE nodes in this view (graph) are associated with the OWASP Top Ten, as released in 2004, and as required for compliance with PCI DSS version 1.1. This view is considered obsolete as a newer version of the OWASP Top Ten is available.

Audience

Software Developers

This view outlines the most important issues as identified by the OWASP Top Ten (2004 version), providing a good starting point for web application developers who want to code more securely, as well as complying with PCI DSS 1.1.

Software Customers

This view outlines the most important issues as identified by the OWASP Top Ten, providing customers with a way of asking their software developers to follow minimum expectations for secure code, in compliance with PCI-DSS 1.1.

Educators

Since the OWASP Top Ten covers the most frequently encountered issues, this view can be used by educators as training material for students. However, the 2007 version (CWE-629) might be more appropriate.

Membership

CWE-ID title
CWE-722 OWASP Top Ten 2004 Category A1 - Unvalidated Input
CWE-723 OWASP Top Ten 2004 Category A2 - Broken Access Control
CWE-724 OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management
CWE-725 OWASP Top Ten 2004 Category A4 - Cross-Site Scripting (XSS) Flaws
CWE-726 OWASP Top Ten 2004 Category A5 - Buffer Overflows
CWE-727 OWASP Top Ten 2004 Category A6 - Injection Flaws
CWE-728 OWASP Top Ten 2004 Category A7 - Improper Error Handling
CWE-729 OWASP Top Ten 2004 Category A8 - Insecure Storage
CWE-730 OWASP Top Ten 2004 Category A9 - Denial of Service
CWE-731 OWASP Top Ten 2004 Category A10 - Insecure Configuration Management

Notes

Relationship

CWE relationships for this view were obtained by examining the OWASP document and mapping to any items that were specifically mentioned within the text of a category. As a result, this mapping is not complete with respect to all of CWE. In addition, some concepts were mentioned in multiple Top Ten items, which caused them to be mapped to multiple CWE categories. For example, SQL injection is mentioned in both A1 (CWE-722) and A6 (CWE-727) categories.

Maintenance

Some parts of CWE are not fully fleshed out in terms of weaknesses. When these areas were mentioned in the Top Ten, category nodes were mapped, although general mapping practice would usually favor mapping only to weaknesses.

引用

REF-570 Top 10 2004
REF-571 About the PCI Data Security Standard (PCI DSS)

文章来源于互联网:scap中文网

特别标注: 本站(CN-SEC.COM)所有文章仅供技术研究,若将其信息做其他用途,由用户承担全部法律及连带责任,本站不承担任何法律及连带责任,请遵守中华人民共和国安全法.
  • 我的微信
  • 微信扫一扫
  • weinxin
  • 我的微信公众号
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2022年1月14日11:42:59
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                  View-711: Weaknesses in OWASP Top Ten (2004) https://cn-sec.com/archives/612533.html

发表评论

匿名网友 填写信息

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: