CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE Individual Dictionary Definition (2.11)

CWE CATEGORY: Input Validation and Representation

Category ID: 1005
Status: Draft
Description

Description Summary

This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses that exist when an application does not properly validate or represent input.
Relationships

| Nature | Type | ID | Name | View(s) this relationship pertains to |
|---|---|---|---|---|
| ParentOf | Weakness Class | 20 | Improper Input Validation | Seven Pernicious Kingdoms (primary) 700 |
| ParentOf | Weakness Class | 77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') | Seven Pernicious Kingdoms (primary) 700 |
| ParentOf | Weakness Base | 79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Seven Pernicious Kingdoms (primary) 700 |
| ParentOf | Weakness Base | 89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | Seven Pernicious Kingdoms (primary) 700 |
| ParentOf | Weakness Base | 99 | Improper Control of Resource Identifiers ('Resource Injection') | Seven Pernicious Kingdoms (primary) 700 |
| MemberOf | View | 700 | Seven Pernicious Kingdoms | Seven Pernicious Kingdoms (primary) 700 |
References
Katrina Tsipenyuk, Brian Chess and Gary McGraw. "Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors". IEEE Security and Privacy (Volume: 3, Issue: 6). IEEE. 12 December 2005. <http://ieeexplore.ieee.org/document/1556543>.
Content History

Submissions

| Submission Date | Submitter | Organization | Source |
|---|---|---|---|
| | 7 Pernicious Kingdoms | | Externally Mined |

Page Last Updated: May 05, 2017