View-1026: Weaknesses in OWASP Top Ten (2017)

ID: 1026

Type: Graph

Status: Incomplete

Objective

CWE nodes in this view (graph) are associated with the OWASP Top Ten, as released in 2017.

Audience

Software Developers

This view outlines the most important issues as identified by the OWASP Top Ten (2017 version), providing a good starting point for web application developers who want to code more securely.

Software Customers

This view outlines the most important issues as identified by the OWASP Top Ten (2017 version), providing customers with a way of asking their software developers to follow minimum expectations for secure code.

Educators

Since the OWASP Top Ten covers the most frequently encountered issues, this view can be used by educators as training material for students.

Membership

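CWE-ID Title
CWE-1027 OWASP Top Ten 2017 Category A1 - Injection
CWE-1028 OWASP Top Ten 2017 Category A2 - Broken Authentication
CWE-1029 OWASP Top Ten 2017 Category A3 - Sensitive Data Exposure
CWE-1030 OWASP Top Ten 2017 Category A4 - XML External Entities (XXE)
CWE-1031 OWASP Top Ten 2017 Category A5 - Broken Access Control
CWE-1032 OWASP Top Ten 2017 Category A6 - Security Misconfiguration
CWE-1033 OWASP Top Ten 2017 Category A7 - Cross-Site Scripting (XSS)
CWE-1034 OWASP Top Ten 2017 Category A8 - Insecure Deserialization
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-1036 OWASP Top Ten 2017 Category A10 - Insufficient Logging & Monitoring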

Notes

Relationship

The relationships in this view have been pulled directly from the 2017 OWASP Top 10 document, either from the explicit mapping section, or from weakness types alluded to in the written sections.

References

REF-957 Top 10 2017