Category-1005: 7PK-输入验证和表示
ID: 1005 Status: Draft
Summary
This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses that exist when an application does not properly validate or represent input. According to the authors of the Seven Pernicious Kingdoms, "Input validation and representation problems are caused by metacharacters, alternate encodings and numeric representations. Security problems result from trusting input."
Membership
| ID | NAME |
|---|---|
| CWE-20 | 输入验证不恰当 |
| CWE-77 | 在命令中使用的特殊元素转义处理不恰当(命令注入) |
| CWE-79 | 在Web页面生成时对输入的转义处理不恰当(跨站脚本) |
| CWE-89 | SQL命令中使用的特殊元素转义处理不恰当(SQL注入) |
| CWE-99 | 对资源描述符的控制不恰当(资源注入) |
References
REF-6 Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors