Research View with Abstractions Highlighted
This graph depicts the Research View with the varying levels of weakness abstractions and entry types colored as specified below.
Legend:
  Category
  Weakness Class
  Weakness Base
  Weakness Variant
  Compound Elements

Seven Pernicious Kingdoms Highlighted in the Research View
This graph depicts the Research View with the Seven Pernicious Kingdoms entries colored as specified below.
Legend:
  Environment
  Input Validation
  API Abuse
  Security Features
  Time and State
  Error Handling
  Code Quality
  Encapsulation

Development View with Abstractions Highlighted
This graph depicts the Development View with the varying levels of weakness abstractions and entry types colored as specified below.
Legend:
  Category
  Weakness Class
  Weakness Base
  Weakness Variant
  Compound Elements

Development View with Categories Highlighted
This graph depicts the Development View with the Category entry types colored as specified below.
Legend:
  Category

Seven Pernicious Kingdoms Highlighted in the Development View
This graph depicts the Development View with the Seven Pernicious Kingdoms entries colored as specified below.
Legend:
  Environment
  Input Validation
  API Abuse
  Security Features
  Time and State
  Error Handling
  Code Quality
  Encapsulation

Seven Pernicious Kingdoms View in CWE
This graph depicts the Seven Pernicious Kingdoms entries in CWE colored as specified below.
Legend:
  Environment
  Input Validation
  API Abuse
  Security Features
  Time and State
  Error Handling
  Code Quality
  Encapsulation

OWASP Top 10 (2004) Highlighted in the Development View
This graph depicts the Development View with the OWASP Top 10 (2004) entries colored as specified below.
Legend:
  A1 - Unvalidated Input
  A2 - Broken Access Control
  A3 - Broken Authentication and Session Management
  A4 - Cross-Site Scripting (XSS) Flaws
  A5 - Buffer Overflows
  A6 - Injection Flaws
  A7 - Improper Error Handling
  A8 - Insecure Storage
  A9 - Denial of Service
  A10 - Insecure Configuration Management

OWASP Top 10 (2004) Highlighted in the Research View
This graph depicts the Research View with the OWASP Top 10 (2004) entries colored as specified below.
Legend:
  A1 - Unvalidated Input
  A2 - Broken Access Control
  A3 - Broken Authentication and Session Management
  A4 - Cross-Site Scripting (XSS) Flaws
  A5 - Buffer Overflows
  A6 - Injection Flaws
  A7 - Improper Error Handling
  A8 - Insecure Storage
  A9 - Denial of Service
  A10 - Insecure Configuration Management

OWASP Top 10 (2004) in CWE
This graph depicts the OWASP Top 10 (2004) entries that have been mapped to CWE entries.
Legend:
  A1 - Unvalidated Input
  A2 - Broken Access Control
  A3 - Broken Authentication and Session Management
  A4 - Cross-Site Scripting (XSS) Flaws
  A5 - Buffer Overflows
  A6 - Injection Flaws
  A7 - Improper Error Handling
  A8 - Insecure Storage
  A9 - Denial of Service
  A10 - Insecure Configuration Management

OWASP Top 10 (2007) in CWE
This graph depicts the OWASP Top 10 (2007) entries that have been mapped to CWE entries.
Legend:
  A1 - Cross Site Scripting (XSS)
  A2 - Injection Flaws
  A3 - Malicious File Execution
  A4 - Insecure Direct Object Reference
  A5 - Cross Site Request Forgery (CSRF)
  A6 - Information Leakage and Improper Error Handling
  A7 - Broken Authentication and Session Management
  A8 - Insecure Cryptographic Storage
  A9 - Insecure Communications
  A10 - Failure to Restrict URL Access

OWASP Top 10 (2013) in CWE
This graph depicts the OWASP Top 10 (2013) entries that have been mapped to CWE entries.
Legend:
  A1 - Injection
  A2 - Broken Authentication and Session Management
  A3 - Cross-Site Scripting (XSS)
  A4 - Insecure Direct Object References
  A5 - Security Misconfiguration
  A6 - Sensitive Data Exposure
  A7 - Missing Function Level Access Control
  A8 - Cross-Site Request Forgery (CSRF)
  A9 - Using Components with Known Vulnerabilities
  A10 - Unvalidated Redirects and Forwards

Development View with OWASP Top 10 (2004) in Red
This graph depicts the Development View with OWASP Top 10 (2004) entries highlighted in red for visibility at a distance.
Legend:
  OWASP Top 10 (2004) CWE Entry

Research View with OWASP Top 10 (2004) in Red
This graph depicts the Research View with OWASP Top 10 (2004) entries highlighted in red for visibility at a distance.
Legend:
  OWASP Top 10 (2004) CWE Entry

Research View with Seven Pernicious Kingdoms in Red
This graph depicts the Research View with Seven Pernicious Kingdoms entries highlighted in red for visibility at a distance.
Legend:
  Seven Pernicious Kingdoms CWE Entry

Development View with Seven Pernicious Kingdoms in Red
This graph depicts the Development View with Seven Pernicious Kingdoms entries highlighted in red for visibility at a distance.
Legend:
  Seven Pernicious Kingdoms CWE Entry

CERT C Secure Coding Standard
This graph depicts the CERT C Secure Coding Standard view.
Legend:
  Preprocessor (PRE), Signals (SIG)
  Declarations and Initialization (DCL), Error Handling (ERR)
  Expressions (EXP), Miscellaneous (MSC)
  Integers (INT)
  Floating Point (FLP)
  Arrays (ARR)
  Characters and Strings (STR)
  Memory Management (MEM)
  Input Output (FIO)
  Environment (ENV), POSIX (POS)

CERT C Secure Coding Standard Highlighted in the Research View
This graph depicts the CERT C Secure Coding Standard view within the Research View.
Legend:
  Preprocessor (PRE), Signals (SIG)
  Declarations and Initialization (DCL), Error Handling (ERR)
  Expressions (EXP), Miscellaneous (MSC)
  Integers (INT)
  Floating Point (FLP)
  Arrays (ARR)
  Characters and Strings (STR)
  Memory Management (MEM)
  Input Output (FIO)
  Environment (ENV), POSIX (POS)

CERT C Secure Coding Standard Highlighted in the Development View
This graph depicts the CERT C Secure Coding Standard view within the Development View.
Legend:
  Preprocessor (PRE), Signals (SIG)
  Declarations and Initialization (DCL), Error Handling (ERR)
  Expressions (EXP), Miscellaneous (MSC)
  Integers (INT)
  Floating Point (FLP)
  Arrays (ARR)
  Characters and Strings (STR)
  Memory Management (MEM)
  Input Output (FIO)
  Environment (ENV), POSIX (POS)

Research View with CWE Cross-section in Red
This graph depicts the Research View with the CWE Cross-section entries highlighted in red for visibility at a distance.
Legend:
  CWE Cross-section Entry

Development View with CWE Cross-section in Red
This graph depicts the Development View with the CWE Cross-section entries highlighted in red for visibility at a distance.
Legend:
  CWE Cross-section Entry

2011 CWE/SANS Top 25
This graph depicts the 2011 CWE/SANS Top 25 entries colored as specified below.
Legend:
  Insecure Interaction Between Components
  Risky Resource Management
  Porous Defenses
  Weaknesses On the Cusp

2010 CWE/SANS Top 25
This graph depicts the 2010 CWE/SANS Top 25 entries colored as specified below.
Legend:
  Insecure Interaction Between Components
  Risky Resource Management
  Porous Defenses
  Weaknesses On the Cusp

Development View with 2010 CWE/SANS Top 25 in Red
This graph depicts the Development View with the 2010 CWE/SANS Top 25 entries highlighted in red for visibility at a distance.
Legend:
  2010 CWE/SANS Top 25 Entry

Research View with 2010 CWE/SANS Top 25 in Red
This graph depicts the Research View with the 2010 CWE/SANS Top 25 entries highlighted in red for visibility at a distance.
Legend:
  2010 CWE/SANS Top 25 Entry

2009 CWE/SANS Top 25
This graph depicts the 2009 CWE/SANS Top 25 entries colored as specified below.
Legend:
  Insecure Interaction Between Components
  Risky Resource Management
  Porous Defenses