View-1008: Architectural Concepts

Posted by admin on 2021-11-05 01:38:13 in CWE (Weakness Enumeration)

ID: 1008

Type: Graph

Status: Incomplete

Objective

This view organizes weaknesses according to common architectural security tactics. It is intended to assist architects in identifying potential mistakes that can be made when designing software.

Audience

Software Designers

Software designers may find this view useful as the weaknesses are organized by known security tactics, aiding the designer in embedding security throughout the design process instead of discovering weaknesses after the software has been built.

Educators

Educators may use this view as reference material when discussing security by design or architectural weaknesses, and the types of mistakes that can be made.

Membership

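CWE-ID Title
CWE-1009 Audit
CWE-1010 Authenticate Actors
CWE-1011 Authorize Actors
CWE-1012 Cross Cutting
CWE-1013 Encrypt Data
CWE-1014 Identify Actors
CWE-1015 Limit Access
CWE-1016 Limit Exposure
CWE-1017 Lock Computer
CWE-1018 Manage User Sessions
CWE-1019 Validate Inputs
CWE-1020 Verify Message Integrity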

Notes

Other

The top level categories in this view represent the individual tactics that are part of a secure-by-design approach to software development. The weaknesses that are members of each category contain information about how each is introduced relative to the software's architecture. Three different modes of introduction are used:

  • Omission - caused by missing a security tactic when it is necessary.
  • Commission - refers to incorrect choice of tactics which could result in undesirable consequences.
  • Realization - appropriate security tactics are adopted but are incorrectly implemented.

Maintenance

This view is under development, and subsequent releases will focus on reviewing the individual weaknesses to verify their inclusion in this view and adding any applicable ChildOf relationships. Comments about revisions are welcome.


Article source (from the Internet): scap中文网
