View-629: Weaknesses in OWASP Top Ten (2007)

ID: 629

Type: Graph

Status: Obsolete

Objective

CWE nodes in this view (graph) are associated with the OWASP Top Ten, as released in 2007. This view is considered obsolete as a newer version of the OWASP Top Ten is available.

Audience

Software Developers

This view outlines the most important issues as identified by the OWASP Top Ten (2007 version), providing a good starting point for web application developers who want to code more securely.

Software Customers

This view outlines the most important issues as identified by the OWASP Top Ten (2007 version), providing customers with a way of asking their software developers to follow minimum expectations for secure code.

Educators

Since the OWASP Top Ten covers the most frequently encountered issues, this view can be used by educators as training material for students.

Membership

CWE-ID	title
CWE-712	OWASP Top Ten 2007 Category A1 - Cross Site Scripting (XSS)
CWE-713	OWASP Top Ten 2007 Category A2 - Injection Flaws
CWE-714	OWASP Top Ten 2007 Category A3 - Malicious File Execution
CWE-715	OWASP Top Ten 2007 Category A4 - Insecure Direct Object Reference
CWE-716	OWASP Top Ten 2007 Category A5 - Cross Site Request Forgery (CSRF)
CWE-717	OWASP Top Ten 2007 Category A6 - Information Leakage and Improper Error Handling
CWE-718	OWASP Top Ten 2007 Category A7 - Broken Authentication and Session Management
CWE-719	OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage
CWE-720	OWASP Top Ten 2007 Category A9 - Insecure Communications
CWE-721	OWASP Top Ten 2007 Category A10 - Failure to Restrict URL Access

Notes

Relationship

The relationships in this view are a direct extraction of the CWE mappings that are in the 2007 OWASP document. CWE has changed since the release of that document.

引用

REF-519 Top 10 2007

文章来源于互联网:scap中文网