Whitespace-only changes are ignored. A change is "Minor" if it affects only capitalization and punctuation; almost every other change is marked "Major."

Simple schema changes are also treated as Minor, such as the change from AffectedResource to Affected_Resource in Draft 8, or the relationship name change from "IsRequiredBy" to "RequiredBy" in Version 1.0. For each mutual relationship between nodes A and B (such as ParentOf and ChildOf), a relationship change is noted for both A and B.

The "Version 2.7 Total" figure is the total number of relationships in Version 2.7. The "Shared" value is the number of relationships in entries that exist in both Version 2.7 and Version 2.6. The "New" value is the number of relationships involving entries that did not exist in Version 2.6. The Version 2.7 total is therefore the sum of the Shared and New counts.

A node change is labeled "important" if it is a Major change to a field that is critical to the meaning of the node. The critical fields are Description, Name, and Relationships.
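The rules above, written out as code. This is an added example and not part of the CWE difference report or MITRE's tooling: it applies the stated classification (whitespace ignored, case/punctuation only is Minor, everything else Major, "important" when a Major change hits Description, Name or Relationships, a relationship change noted on both ends, Total = Shared + New) to a hypothetical in-memory form of two CWE versions. The dict layout, the `X1`..`X4` identifiers and the sample field text are constructed for illustration; the real CWE XML schema is richer.

```python
"""Added example, not part of the CWE difference report: the change rules
stated above applied to a hypothetical in-memory form of two CWE versions.
A version is a dict of id -> node; a node is a dict of text fields plus a
'Relationships' list of (relation_name, target_id) pairs (assumed layout)."""
import string

CRITICAL_FIELDS = ("Description", "Name", "Relationships")
IMPORTANT_FLAG = {"Description": "D", "Name": "N", "Relationships": "R"}
# Schema-level relation renames that count as Minor (the case cited above).
RELATION_RENAMES = {"IsRequiredBy": "RequiredBy"}
_PUNCT = str.maketrans("", "", string.punctuation)


def _ws(text):
    """Whitespace-normalised text: whitespace-only changes are ignored."""
    return " ".join(text.split())


def _minor_key(text):
    """Form that additionally ignores capitalisation and punctuation."""
    return _ws(text.translate(_PUNCT)).casefold()


def classify_text(old, new):
    """None if unchanged, 'Minor' if only case/punctuation differ, else 'Major'."""
    if _ws(old) == _ws(new):
        return None
    return "Minor" if _minor_key(old) == _minor_key(new) else "Major"


def _norm_rels(rels):
    return {(RELATION_RENAMES.get(r, r), t) for r, t in rels}


def classify_relationships(old, new):
    """Relationship lists compare as sets; a bare schema rename is Minor."""
    if set(old) == set(new):
        return None
    return "Minor" if _norm_rels(old) == _norm_rels(new) else "Major"


def diff_node(old, new):
    """Major/Minor field lists plus the D/N/R 'important' flags for one node."""
    result = {"Major": [], "Minor": [], "important": ""}
    for field in sorted(set(old) | set(new)):
        if field == "Relationships":
            kind = classify_relationships(old.get(field, []), new.get(field, []))
        else:
            kind = classify_text(old.get(field, ""), new.get(field, ""))
        if kind:
            result[kind].append(field)
    result["important"] = "".join(
        IMPORTANT_FLAG[f] for f in CRITICAL_FIELDS if f in result["Major"])
    return result


def nodes_with_relationship_changes(old_version, new_version):
    """IDs carrying a Major relationship change, noted on both ends of each edge."""
    flagged = set()
    for node_id in set(old_version) | set(new_version):
        before = _norm_rels(old_version.get(node_id, {}).get("Relationships", []))
        after = _norm_rels(new_version.get(node_id, {}).get("Relationships", []))
        for _, target in before ^ after:
            flagged.update({node_id, target})
    return flagged


def relationship_stats(old_version, new_version):
    """(Total, Shared, New) relationship counts for the new version."""
    count = lambda ids: sum(len(new_version[i]["Relationships"]) for i in ids)
    shared = count(set(new_version) & set(old_version))
    new = count(set(new_version) - set(old_version))
    return count(new_version), shared, new


# Constructed sample data with hypothetical ids (not real CWE entries).
OLD = {
    "X1": {"Name": "Missing custom error page",
           "Description": "The application does not define a custom error page.",
           "Relationships": [("ChildOf", "X2")]},
    "X2": {"Name": "Configuration",
           "Description": "Weaknesses in configuration.",
           "Relationships": [("ParentOf", "X1"), ("IsRequiredBy", "X4")]},
    "X4": {"Name": "Deployment", "Description": "Deployment weaknesses.",
           "Relationships": [("Requires", "X2")]},
}
NEW = {
    "X1": {"Name": "Missing Custom Error Page",          # case only: Minor
           "Description": "The application does not define a custom error "
                          "page, so a default page may expose stack traces.",  # Major
           "Relationships": [("ChildOf", "X2"), ("ChildOf", "X3")]},  # Major
    "X2": {"Name": "Configuration",
           "Description": "Weaknesses  in configuration.",  # whitespace only: ignored
           "Relationships": [("ParentOf", "X1"), ("RequiredBy", "X4")]},  # rename: Minor
    "X3": {"Name": "Error Handling", "Description": "Weaknesses in error handling.",
           "Relationships": [("ParentOf", "X1")]},  # entry new in NEW
    "X4": OLD["X4"],
}

if __name__ == "__main__":
    for node_id in sorted(set(OLD) & set(NEW)):
        d = diff_node(OLD[node_id], NEW[node_id])
        print(node_id, d["important"] or "-", "Major:", d["Major"], "Minor:", d["Minor"])
    print("relationship changes noted on:", sorted(nodes_with_relationship_changes(OLD, NEW)))
    print("Total/Shared/New:", relationship_stats(OLD, NEW))
```

Run as a script it prints one row per shared node in the same D/N/R shape as the table below. `nodes_with_relationship_changes` only needs one side of an edge to be recorded to flag both nodes, which is what "noted for both A and B" requires even when a version's data is inconsistent; the schema rename is normalised away there because the report treats it as Minor.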
Important changes in Version 2.7 (D = Description, N = Name, R = Relationships):

ID | D | N | R | Name
7 | D |   |   | J2EE Misconfiguration: Missing Custom Error Page
9 | D |   |   | J2EE Misconfiguration: Weak Access Permissions for EJB Methods
74 |   |   | R | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
77 |   |   | R | Improper Neutralization of Special Elements used in a Command ('Command Injection')
78 |   |   | R | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
88 |   |   | R | Argument Injection or Modification
89 |   |   | R | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
90 |   |   | R | Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
91 |   |   | R | XML Injection (aka Blind XPath Injection)
99 | D |   | R | Improper Control of Resource Identifiers ('Resource Injection')
105 | D |   |   | Struts: Form Field Without Validator
106 | D |   |   | Struts: Plug-in Framework not in Use
110 | D |   |   | Struts: Validator Without Form Field
157 | D |   |   | Failure to Sanitize Paired Delimiters
183 |   |   | R | Permissive Whitelist
188 | D |   |   | Reliance on Data/Memory Layout
195 | D |   |   | Signed to Unsigned Conversion Error
196 | D |   |   | Unsigned to Signed Conversion Error
209 |   |   | R | Information Exposure Through an Error Message
215 |   |   | R | Information Exposure Through Debug Information
245 | D |   |   | J2EE Bad Practices: Direct Management of Connections
246 | D |   |   | J2EE Bad Practices: Direct Use of Sockets
253 | D |   |   | Incorrect Check of Function Return Value
256 | D |   | R | Plaintext Storage of a Password
257 | D |   |   | Storing Passwords in a Recoverable Format
284 |   |   | R | Improper Access Control
287 |   |   | R | Improper Authentication
311 |   |   | R | Missing Encryption of Sensitive Data
319 |   |   | R | Cleartext Transmission of Sensitive Information
320 |   |   | R | Key Management Errors
325 |   |   | R | Missing Required Cryptographic Step
327 |   |   | R | Use of a Broken or Risky Cryptographic Algorithm
328 |   |   | R | Reversible One-Way Hash
338 | D | N |   | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
365 | D |   |   | Race Condition in Switch
374 | D |   |   | Passing Mutable Objects to an Untrusted Method
375 | D |   |   | Returning a Mutable Object to an Untrusted Caller
382 | D |   |   | J2EE Bad Practices: Use of System.exit()
395 | D |   |   | Use of NullPointerException Catch to Detect NULL Pointer Dereference
436 | D |   |   | Interpretation Conflict
460 | D |   |   | Improper Cleanup on Thrown Exception
467 | D |   |   | Use of sizeof() on a Pointer Type
471 | D |   |   | Modification of Assumed-Immutable Data (MAID)
474 | D |   |   | Use of Function with Inconsistent Implementations
477 | D |   |   | Use of Obsolete Functions
478 | D |   |   | Missing Default Case in Switch Statement
480 | D |   |   | Use of Incorrect Operator
487 | D |   |   | Reliance on Package-level Scope
489 | D |   |   | Leftover Debug Code
492 | D |   |   | Use of Inner Class Containing Sensitive Data
501 | D |   |   | Trust Boundary Violation
520 | D |   |   | .NET Misconfiguration: Use of Impersonation
522 |   |   | R | Insufficiently Protected Credentials
523 |   |   | R | Unprotected Transport of Credentials
548 |   |   | R | Information Exposure Through Directory Listing
562 | D |   |   | Return of Stack Variable Address
563 | D | N |   | Assignment to Variable without Use ('Unused Variable')
579 | D |   |   | J2EE Bad Practices: Non-serializable Object Stored in Session
594 | D |   |   | J2EE Framework: Saving Unserializable Objects to Disk
613 |   |   | R | Insufficient Session Expiration
617 | D |   |   | Reachable Assertion
620 |   |   | R | Unverified Password Change
621 | D |   |   | Variable Extraction Error
626 | D |   |   | Null Byte Interaction Error (Poison Null Byte)
640 |   |   | R | Weak Password Recovery Mechanism for Forgotten Password
643 |   |   | R | Improper Neutralization of Data within XPath Expressions ('XPath Injection')
652 |   |   | R | Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')
668 |   |   | R | Exposure of Resource to Wrong Sphere
692 | D |   |   | Incomplete Blacklist to Cross-Site Scripting
929 |   |   | R | OWASP Top Ten 2013 Category A1 - Injection
930 |   |   | R | OWASP Top Ten 2013 Category A2 - Broken Authentication and Session Management
932 |   |   | R | OWASP Top Ten 2013 Category A4 - Insecure Direct Object References
933 |   |   | R | OWASP Top Ten 2013 Category A5 - Security Misconfiguration
934 |   |   | R | OWASP Top Ten 2013 Category A6 - Sensitive Data Exposure
935 |   |   | R | OWASP Top Ten 2013 Category A7 - Missing Function Level Access Control
Changed fields per node (Major and Minor changes between Version 2.6 and Version 2.7):

ID | Name | Major | Minor
7 | J2EE Misconfiguration: Missing Custom Error Page | Common_Consequences, Description, Other_Notes, Potential_Mitigations | None
9 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | Description, Other_Notes | None
22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Other_Notes, Research_Gaps | Observed_Examples
44 | Path Equivalence: 'file.name' (Internal Dot) | Other_Notes, Relationship_Notes | None
45 | Path Equivalence: 'file...name' (Multiple Internal Dot) | Other_Notes, Relationship_Notes | None
48 | Path Equivalence: 'file name' (Internal Whitespace) | Applicable_Platforms, Other_Notes, Relationship_Notes | None
59 | Improper Link Resolution Before File Access ('Link Following') | Common_Consequences, Other_Notes | None
61 | UNIX Symbolic Link (Symlink) Following | Modes_of_Introduction, Other_Notes | None
74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | Relationships | None
77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') | Relationships | None
78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Relationships | None
88 | Argument Injection or Modification | Relationships | None
89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | Relationships | None
90 | Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') | Relationships | None
91 | XML Injection (aka Blind XPath Injection) | Relationships | None
96 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') | Enabling_Factors_for_Exploitation, Other_Notes, Relationship_Notes | None
99 | Improper Control of Resource Identifiers ('Resource Injection') | Alternate_Terms, Description, Relationship_Notes, Relationships | None
105 | Struts: Form Field Without Validator | Common_Consequences, Description, Modes_of_Introduction, Other_Notes | None
106 | Struts: Plug-in Framework not in Use | Description, Other_Notes, Potential_Mitigations | None
108 | Struts: Unvalidated Action Form | Other_Notes, Potential_Mitigations | None
110 | Struts: Validator Without Form Field | Description, Other_Notes | None
112 | Missing XML Validation | Demonstrative_Examples, Other_Notes, Potential_Mitigations | None
113 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') | Demonstrative_Examples | None
116 | Improper Encoding or Escaping of Output | References | None
122 | Heap-based Buffer Overflow | Observed_Examples | None
125 | Out-of-bounds Read | Related_Attack_Patterns | None
126 | Buffer Over-read | Observed_Examples | None
129 | Improper Validation of Array Index | None | Demonstrative_Examples
130 | Improper Handling of Length Parameter Inconsistency | Observed_Examples | None
135 | Incorrect Calculation of Multi-Byte String Length | Enabling_Factors_for_Exploitation, Other_Notes | None
157 | Failure to Sanitize Paired Delimiters | Applicable_Platforms, Demonstrative_Examples, Description | None
159 | Failure to Sanitize Special Element | Other_Notes | None
169 | Technology-Specific Special Elements | Applicable_Platforms, Modes_of_Introduction, Other_Notes, Potential_Mitigations | None
170 | Improper Null Termination | Observed_Examples | None
183 | Permissive Whitelist | Relationships | None
185 | Incorrect Regular Expression | Applicable_Platforms, Common_Consequences, Other_Notes, Relationship_Notes | None
188 | Reliance on Data/Memory Layout | Description, Other_Notes | None
193 | Off-by-one Error | References | None
195 | Signed to Unsigned Conversion Error | Demonstrative_Examples, Description | None
196 | Unsigned to Signed Conversion Error | Demonstrative_Examples, Description, Other_Notes | None
200 | Information Exposure | Related_Attack_Patterns | None
208 | Information Exposure Through Timing Discrepancy | Other_Notes, Related_Attack_Patterns | None
209 | Information Exposure Through an Error Message | Relationships | None
210 | Information Exposure Through Self-generated Error Message | Other_Notes | None
213 | Intentional Information Exposure | Other_Notes, Relationship_Notes, Theoretical_Notes | None
215 | Information Exposure Through Debug Information | Relationships | None
245 | J2EE Bad Practices: Direct Management of Connections | Description, Other_Notes | None
246 | J2EE Bad Practices: Direct Use of Sockets | Description, Other_Notes | None
252 | Unchecked Return Value | Demonstrative_Examples, Potential_Mitigations | None
253 | Incorrect Check of Function Return Value | Description, Other_Notes | None
256 | Plaintext Storage of a Password | Description, Modes_of_Introduction, Other_Notes, Potential_Mitigations, Relationships | None
257 | Storing Passwords in a Recoverable Format | Description, Other_Notes | None
262 | Not Using Password Aging | Other_Notes, Potential_Mitigations | None
273 | Improper Check for Dropped Privileges | Background_Details, Other_Notes, Potential_Mitigations | None
284 | Improper Access Control | Relationships | None
287 | Improper Authentication | Relationships | None
295 | Improper Certificate Validation | Observed_Examples | None
300 | Channel Accessible by Non-Endpoint ('Man-in-the-Middle') | Observed_Examples | None
311 | Missing Encryption of Sensitive Data | Relationships | None
319 | Cleartext Transmission of Sensitive Information | Relationships | None
320 | Key Management Errors | Relationships | None
325 | Missing Required Cryptographic Step | Relationships | None
327 | Use of a Broken or Risky Cryptographic Algorithm | Relationships | None
328 | Reversible One-Way Hash | Relationships | None
330 | Use of Insufficiently Random Values | Related_Attack_Patterns | None
338 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | Applicable_Platforms, Description, Name, Other_Notes | None
344 | Use of Invariant Value in Dynamically Changing Context | Other_Notes | None
346 | Origin Validation Error | Related_Attack_Patterns | None
364 | Signal Handler Race Condition | Demonstrative_Examples, References | None
365 | Race Condition in Switch | Common_Consequences, Description, Other_Notes, Potential_Mitigations | None
374 | Passing Mutable Objects to an Untrusted Method | Demonstrative_Examples, Description, Other_Notes, Potential_Mitigations, References | None
375 | Returning a Mutable Object to an Untrusted Caller | Description, Other_Notes, Potential_Mitigations | None
378 | Creation of Temporary File With Insecure Permissions | Potential_Mitigations | None
382 | J2EE Bad Practices: Use of System.exit() | Description, Modes_of_Introduction, Other_Notes, Potential_Mitigations | None
391 | Unchecked Error Condition | Other_Notes | None
393 | Return of Wrong Status Code | Observed_Examples | None
395 | Use of NullPointerException Catch to Detect NULL Pointer Dereference | Description, Other_Notes | None
399 | Resource Management Errors | Other_Notes | None
404 | Improper Resource Shutdown or Release | Related_Attack_Patterns | None
410 | Insufficient Resource Pool | Other_Notes, Potential_Mitigations | None
421 | Race Condition During Access to Alternate Channel | Other_Notes | None
436 | Interpretation Conflict | Applicable_Platforms, Description, Observed_Examples, Other_Notes, References | None
444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') | Other_Notes, Potential_Mitigations, Theoretical_Notes | None
452 | Initialization and Cleanup Errors | Other_Notes, Research_Gaps | None
457 | Use of Uninitialized Variable | Modes_of_Introduction, Other_Notes | None
459 | Incomplete Cleanup | Common_Consequences, Other_Notes, Relationship_Notes | None
460 | Improper Cleanup on Thrown Exception | Description, Other_Notes | None
467 | Use of sizeof() on a Pointer Type | Description, Other_Notes | None
468 | Incorrect Pointer Scaling | Modes_of_Introduction, Other_Notes | None
469 | Use of Pointer Subtraction to Determine Size | Other_Notes | None
471 | Modification of Assumed-Immutable Data (MAID) | Applicable_Platforms, Common_Consequences, Description, Other_Notes, Potential_Mitigations, Relationship_Notes, Theoretical_Notes, Time_of_Introduction | None
474 | Use of Function with Inconsistent Implementations | Applicable_Platforms, Description, Other_Notes | None
477 | Use of Obsolete Functions | Description, Other_Notes, Potential_Mitigations | None
478 | Missing Default Case in Switch Statement | Description, Other_Notes, Potential_Mitigations | None
480 | Use of Incorrect Operator | Applicable_Platforms, Description, Detection_Factors, Other_Notes | None
483 | Incorrect Block Delimitation | Observed_Examples | None
487 | Reliance on Package-level Scope | Description, Other_Notes, Potential_Mitigations | None
489 | Leftover Debug Code | Description, Modes_of_Introduction, Other_Notes, Time_of_Introduction | None
492 | Use of Inner Class Containing Sensitive Data | Description, Other_Notes | None
501 | Trust Boundary Violation | Description, Other_Notes | None
514 | Covert Channel | Related_Attack_Patterns | None
520 | .NET Misconfiguration: Use of Impersonation | Description, Other_Notes | None
522 | Insufficiently Protected Credentials | Other_Notes, Relationships | None
523 | Unprotected Transport of Credentials | Other_Notes, Relationships | None
548 | Information Exposure Through Directory Listing | Relationships | None
549 | Missing Password Field Masking | Other_Notes | None
561 | Dead Code | Observed_Examples | None
562 | Return of Stack Variable Address | Description, Other_Notes | None
563 | Assignment to Variable without Use ('Unused Variable') | Common_Consequences, Description, Name, Other_Notes | None
579 | J2EE Bad Practices: Non-serializable Object Stored in Session | Description, Other_Notes | None
594 | J2EE Framework: Saving Unserializable Objects to Disk | Description, Other_Notes | None
595 | Comparison of Object References Instead of Object Contents | Applicable_Platforms, Common_Consequences | None
605 | Multiple Binds to the Same Port | Enabling_Factors_for_Exploitation, Other_Notes | None
613 | Insufficient Session Expiration | Relationships | None
617 | Reachable Assertion | Common_Consequences, Description, Other_Notes | None
620 | Unverified Password Change | Relationships | None
621 | Variable Extraction Error | Description, Other_Notes | None
624 | Executable Regular Expression Error | Observed_Examples | None
625 | Permissive Regular Expression | Modes_of_Introduction, Other_Notes | None
626 | Null Byte Interaction Error (Poison Null Byte) | Description, Other_Notes, Research_Gaps, Terminology_Notes | None
640 | Weak Password Recovery Mechanism for Forgotten Password | Relationships | None
643 | Improper Neutralization of Data within XPath Expressions ('XPath Injection') | Relationships | None
652 | Improper Neutralization of Data within XQuery Expressions ('XQuery Injection') | Relationships | None
655 | Insufficient Psychological Acceptability | Demonstrative_Examples | None
656 | Reliance on Security Through Obscurity | Other_Notes, Relationship_Notes | None
668 | Exposure of Resource to Wrong Sphere | Relationships | None
689 | Permission Race Condition During Resource Copy | Modes_of_Introduction, Other_Notes | Observed_Examples
690 | Unchecked Return Value to NULL Pointer Dereference | Modes_of_Introduction, Other_Notes | None
692 | Incomplete Blacklist to Cross-Site Scripting | Applicable_Platforms, Description, Other_Notes | None
705 | Incorrect Control Flow Scoping | Observed_Examples | None
770 | Allocation of Resources Without Limits or Throttling | Related_Attack_Patterns | None
787 | Out-of-bounds Write | Demonstrative_Examples | None
788 | Access of Memory Location After End of Buffer | Demonstrative_Examples | None
805 | Buffer Access with Incorrect Length Value | Demonstrative_Examples | None
828 | Signal Handler with Functionality that is not Asynchronous-Safe | Demonstrative_Examples, References | None
831 | Signal Handler Function Associated with Multiple Signals | Demonstrative_Examples, References | None
929 | OWASP Top Ten 2013 Category A1 - Injection | Relationships | None
930 | OWASP Top Ten 2013 Category A2 - Broken Authentication and Session Management | Relationships | None
932 | OWASP Top Ten 2013 Category A4 - Insecure Direct Object References | Relationships | None
933 | OWASP Top Ten 2013 Category A5 - Security Misconfiguration | Relationships | None
934 | OWASP Top Ten 2013 Category A6 - Sensitive Data Exposure | Relationships | None
935 | OWASP Top Ten 2013 Category A7 - Missing Function Level Access Control | Relationships | None