CWE-1026
Weaknesses in OWASP Top Ten (2017)
Incomplete
Graph
2018-01-22 +00:00
2023-06-29 +00:00
Notifications pour un CWE
Restez informé de toutes modifications pour un CWE spécifique.
Nom: Weaknesses in OWASP Top Ten (2017)
CWE nodes in this view (graph) are associated with the OWASP Top Ten, as released in 2017.
Membres CWE
CWE-1027: OWASP Top Ten 2017 Category A1 - Injection Category
CWE-1028: OWASP Top Ten 2017 Category A2 - Broken Authentication Category
CWE-1029: OWASP Top Ten 2017 Category A3 - Sensitive Data Exposure Category
CWE-1030: OWASP Top Ten 2017 Category A4 - XML External Entities (XXE) Category
CWE-1031: OWASP Top Ten 2017 Category A5 - Broken Access Control Category
CWE-1032: OWASP Top Ten 2017 Category A6 - Security Misconfiguration Category
CWE-1033: OWASP Top Ten 2017 Category A7 - Cross-Site Scripting (XSS) Category
CWE-1034: OWASP Top Ten 2017 Category A8 - Insecure Deserialization Category
CWE-1035: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities Category
CWE-1036: OWASP Top Ten 2017 Category A10 - Insufficient Logging & Monitoring Category
Informations de la vue CWE
Notes de cartographie des vulnérabilités
Justification : This entry is a View. Views are not weaknesses and therefore inappropriate to describe the root causes of vulnerabilities.Commentaire : Use this View or other Views to search and navigate for the appropriate weakness.
NotesNotes
The relationships in this view have been pulled directly from the 2017 OWASP Top 10 document, either from the explicit mapping section, or from weakness types alluded to in the written sections.Audience
| Partie prenante | Description |
|---|---|
| Software Developers | This view outlines the most important issues as identified by the OWASP Top Ten (2017 version), providing a good starting point for web application developers who want to code more securely. |
| Product Customers | This view outlines the most important issues as identified by the OWASP Top Ten (2017 version), providing product customers with a way of asking their software development teams to follow minimum expectations for secure code. |
| Educators | Since the OWASP Top Ten covers the most frequently encountered issues, this view can be used by educators as training material for students. |
Soumission
| Nom | Organisation | Date | Date de publication | Version |
|---|---|---|---|---|
| CWE Content Team | MITRE | 3.1 |
Modifications
| Nom | Organisation | Date | Commentaire |
|---|---|---|---|
| CWE Content Team | MITRE | updated References | |
| CWE Content Team | MITRE | updated References, View_Audience | |
| CWE Content Team | MITRE | updated Mapping_Notes |
Références
REF-957
Top 10 2017https://owasp.org/www-pdf-archive/OWASP_Top_10-2017_%28en%29.pdf.pdf
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC)
sont maintenues par MITRE Corporation, et les informations sur les configurations
logicielles et matérielles (CPE) proviennent du NVD.