CWE nodes in this view (graph) are associated with the OWASP Top Ten, as
released in 2004, and as required for compliance with PCI DSS version
1.1.
View Metrics
CWEs in this view
Total CWEs
Total
126
out of
791
Views
0
out of
22
Categories
16
out of
106
Weaknesses
107
out of
651
Compound_Elements
3
out of
12
View Audience
Stakeholder
Description
Developers
This view outlines the most important issues as identified by the
OWASP Top Ten (2004 version), providing a good starting point for web
application developers who want to code more securely, as well as
complying with PCI DSS 1.1.
Software Customers
This view outlines the most important issues as identified by the
OWASP Top Ten, providing customers with a way of asking their software
developers to follow minimum expectations for secure code, in compliance
with PCI-DSS 1.1.
Educators
Since the OWASP Top Ten covers the most frequently encountered issues,
this view can be used by educators as training material for students.
However, the 2007 version (CWE-629) might be more appropriate.
CWE relationships for this view were obtained by examining the OWASP
document and mapping to any items that were specifically mentioned within
the text of a category. As a result, this mapping is not complete with
respect to all of CWE. In addition, some concepts were mentioned in multiple
Top Ten items, which caused them to be mapped to multiple CWE categories.
For example, SQL injection is mentioned in both A1 (CWE-722) and A6
(CWE-727) categories.
Some parts of CWE are not fully fleshed out in terms of weaknesses. When
these areas were mentioned in the Top Ten, category nodes were mapped,
although general mapping practice would usually favor mapping only to
weaknesses.
View Data 
