2021年12月12日05:44:50评论49 views字数 848阅读2分49秒阅读模式

Category-388: 7PK-错误

ID: 388
Status: Draft

Summary

This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses that occur when an application does not properly handle errors that occur during processing. According to the authors of the Seven Pernicious Kingdoms, "Errors and error handling represent a class of API. Errors related to error handling are so common that they deserve a special kingdom of their own. As with 'API Abuse,' there are two ways to introduce an error-related security vulnerability: the most common one is handling errors poorly (or not at all). The second is producing errors that either give out too much information (to possible attackers) or are difficult to handle."

Membership

ID	NAME
CWE-391	未经检查的错误条件
CWE-395	使用NullPointerException捕捉来检测空指针解引用
CWE-396	对通用异常声明Catch语句
CWE-397	对通用异常声明Throws语句

References

REF-6 Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors

文章来源于互联网:scap中文网

左青龙
微信扫一扫

右白虎
微信扫一扫

Category-388: 7PK-错误

Category-388: 7PK-错误

Summary

Membership

References

View-999: Weaknesses without Software Fault Patterns

View-884: CWE Cross-section

View-868: Weaknesses Addressed by the SEI CERT C++ Coding Standard (2016 Version)

View-844: Weaknesses Addressed by The CERT Oracle Secure Coding Standard for Java (2011)

View-809: Weaknesses in OWASP Top Ten (2010)

View-800: Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors

View-750: Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors

View-734: Weaknesses Addressed by the CERT C Secure Coding Standard (2008)

View-711: Weaknesses in OWASP Top Ten (2004)

View-709: Named Chains

发表评论

在线咨询

微信