CWE-1026
Weaknesses in OWASP Top Ten (2017)
Incomplete
Graph
2018-01-22 +00:00
2023-06-29 +00:00
Notifications for a CWE
Stay informed of any changes for a specific CWE.
Name: Weaknesses in OWASP Top Ten (2017)
CWE nodes in this view (graph) are associated with the OWASP Top Ten, as released in 2017.
CWE Members
CWE-1027: OWASP Top Ten 2017 Category A1 - Injection Category
CWE-1028: OWASP Top Ten 2017 Category A2 - Broken Authentication Category
CWE-1029: OWASP Top Ten 2017 Category A3 - Sensitive Data Exposure Category
CWE-1030: OWASP Top Ten 2017 Category A4 - XML External Entities (XXE) Category
CWE-1031: OWASP Top Ten 2017 Category A5 - Broken Access Control Category
CWE-1032: OWASP Top Ten 2017 Category A6 - Security Misconfiguration Category
CWE-1033: OWASP Top Ten 2017 Category A7 - Cross-Site Scripting (XSS) Category
CWE-1034: OWASP Top Ten 2017 Category A8 - Insecure Deserialization Category
CWE-1035: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities Category
CWE-1036: OWASP Top Ten 2017 Category A10 - Insufficient Logging & Monitoring Category
CWE View Informations
Vulnerability Mapping Notes
Justification : This entry is a View. Views are not weaknesses and therefore inappropriate to describe the root causes of vulnerabilities.Comment : Use this View or other Views to search and navigate for the appropriate weakness.
NotesNotes
The relationships in this view have been pulled directly from the 2017 OWASP Top 10 document, either from the explicit mapping section, or from weakness types alluded to in the written sections.Audience
| Stakeholder | Description |
|---|---|
| Software Developers | This view outlines the most important issues as identified by the OWASP Top Ten (2017 version), providing a good starting point for web application developers who want to code more securely. |
| Product Customers | This view outlines the most important issues as identified by the OWASP Top Ten (2017 version), providing product customers with a way of asking their software development teams to follow minimum expectations for secure code. |
| Educators | Since the OWASP Top Ten covers the most frequently encountered issues, this view can be used by educators as training material for students. |
Submission
| Name | Organization | Date | Date release | Version |
|---|---|---|---|---|
| CWE Content Team | MITRE | 3.1 |
Modifications
| Name | Organization | Date | Comment |
|---|---|---|---|
| CWE Content Team | MITRE | updated References | |
| CWE Content Team | MITRE | updated References, View_Audience | |
| CWE Content Team | MITRE | updated Mapping_Notes |
References
REF-957
Top 10 2017https://owasp.org/www-pdf-archive/OWASP_Top_10-2017_%28en%29.pdf.pdf
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.