CWE - PDFs with Graphical Depictions of CWE (1.0.1)

Home > CWE List > PDFs with Graphical Depictions of CWE (1.0.1)

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents

Community
Related Activities
Discussion List
Research

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Declarations
Make a Declaration

Contact Us
Search the Site

Section Contents
CWE List
Full Dictionary View
Development View
Research View
Graphical Depictions of CWE
Graphical Depictions Archive
Reports
Other Items of Interest
Sources

PDFs with Graphical Depictions of CWE (1.0.1)

PDFs with Graphical Depictions of CWE (1.0.1)

The following PDF files provide graphical representations of various CWE views, which provides a way of quickly seeing the structure implied by the parent relationships in those views. Some files provide "coverage graphs," in which the members of a smaller view are highlighted within the context of a larger view. This provides a way to see how the entries of the smaller view are organized by the larger view.

This graph depicts the Research View with the varying levels of weakness abstractions and entry types colored as specified below.
Research View with Abstractions Highlighted		Category
		Weakness Class
		Weakness Base
		Weakness Variant
		Compound Elements

This graph depicts the Research View with the Seven Pernicious Kingdoms entries colored as specified below.
Seven Pernicious Kingdoms Highlighted in the Research View		Environment
		Input Validation
		API Abuse
		Security Features
		Time and State
		Error Handling
		Code Quality
		Encapsulation

This graph depicts the Development View with the varying levels of weakness abstractions and entry types colored as specified below.
Development View with Abstractions Highlighted		Category
		Weakness Class
		Weakness Base
		Weakness Variant
		Compound Elements

This graph depicts the Development View with the Category entry types colored as specified below.
Development View with Categories Highlighted		Category

This graph depicts the Development View with the Seven Pernicious Kingdoms entries colored as specified below.
Seven Pernicious Kingdoms Highlighted in the Development View		Environment
		Input Validation
		API Abuse
		Security Features
		Time and State
		Error Handling
		Code Quality
		Encapsulation

This graph depicts the Seven Pernicious Kingdoms entries in CWE colored as specified below.
Seven Pernicious Kingdoms View in CWE		Environment
		Input Validation
		API Abuse
		Security Features
		Time and State
		Error Handling
		Code Quality
		Encapsulation

This graph depicts the Development View with the OWASP 2004 entries colored as specified below.
OWASP 2004 Highlighted in the Development View		A1 - Unvalidated Input
		A2 - Broken Access Control
		A3 - Broken Authentication and Session Management
		A4 - Cross-Site Scripting (XSS) Flaws
		A5 - Buffer Overflows
		A6 - Injection Flaws
		A7 - Improper Error Handling
		A8 - Insecure Storage
		A9 - Denial of Service
		A10 - Insecure Configuration Management

This graph depicts the Research View with the OWASP 2004 entries colored as specified below.
OWASP 2004 Highlighted in the Research View		A1 - Unvalidated Input
		A2 - Broken Access Control
		A3 - Broken Authentication and Session Management
		A4 - Cross-Site Scripting (XSS) Flaws
		A5 - Buffer Overflows
		A6 - Injection Flaws
		A7 - Improper Error Handling
		A8 - Insecure Storage
		A9 - Denial of Service
		A10 - Insecure Configuration Management

This graph depicts the OWASP 2004 entries that have been mapped to CWE entries.
OWASP 2004 in CWE		A1 - Unvalidated Input
		A2 - Broken Access Control
		A3 - Broken Authentication and Session Management
		A4 - Cross-Site Scripting (XSS) Flaws
		A5 - Buffer Overflows
		A6 - Injection Flaws
		A7 - Improper Error Handling
		A8 - Insecure Storage
		A9 - Denial of Service
		A10 - Insecure Configuration Management

This graph depicts the OWASP 2007 entries that have been mapped to CWE entries.
OWASP 2007 in CWE		A1 - Cross Site Scripting (XSS)
		A2 - Injection Flaws
		A3 - Malicious File Execution
		A4 - Insecure Direct Object Reference
		A5 - Cross Site Request Forgery (CSRF)
		A6 - Information Leakage and Improper Error Handling
		A7 - Broken Authentication and Session Management
		A8 - Insecure Cryptographic Storage
		A9 - Insecure Communications
		A10 - Failure to Restrict URL Access

This graph depicts the Development View with OWASP 2004 entries highlighted in red for visibility at a distance.
Development View with OWASP 2004 in Red		OWASP 2004 CWE Entry

This graph depicts the Research View with OWASP 2004 entries highlighted in red for visibility at a distance.
Research View with OWASP 2004 in Red		OWASP 2004 CWE Entry

This graph depicts the Research View with Seven Pernicious Kingdom entries highlighted in red for visibility at a distance.
Research View with Seven Pernicious Kingdoms in Red		Seven Pernicious Kingdoms CWE Entry

This graph depicts the Development View with Seven Pernicious Kingdom entries highlighted in red for visibility at a distance.
Development View with Seven Pernicious Kingdoms in Red		Seven Pernicious Kingdoms CWE Entry

Please contact cwe@mitre.org with suggestions for additional views.

Page Last Updated: September 10, 2008


	CWE is a Software Assurance strategic initiative sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is hosted by The MITRE Corporation. Copyright 2008, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us