Researcher View

Research Concepts

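This view is intended to facilitate research into weaknesses, including their interdependencies, and can be used to systematically identify theoretical gaps within CWE. It classifies weaknesses in a way that largely ignores how they can be detected, where they appear in code, and when they are introduced in the software development life cycle. Instead, it is organized mainly according to abstractions of software behavior.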

Development Concepts

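This view organizes weaknesses around concepts that are frequently used or encountered in software development. As a result, it can align closely with the perspectives of developers, educators, and assessment vendors. It provides a variety of categories intended to simplify navigation, browsing, and mapping.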

Architectural Concepts

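This view organizes weaknesses according to common architectural security tactics. It is intended to help architects identify potential mistakes that can arise when designing software.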

CWE-60: DEPRECATED: UNIX Path Link Problems
CWE-720: OWASP Top Ten 2007 Category A9 - Insecure Communications
CWE-723: OWASP Top Ten 2004 Category A2 - Broken Access Control
CWE-726: OWASP Top Ten 2004 Category A5 - Buffer Overflows
CWE-727: OWASP Top Ten 2004 Category A6 - Injection Flaws
CWE-728: OWASP Top Ten 2004 Category A7 - Improper Error Handling
CWE-729: OWASP Top Ten 2004 Category A8 - Insecure Storage
CWE-730: OWASP Top Ten 2004 Category A9 - Denial of Service
CWE-731: OWASP Top Ten 2004 Category A10 - Insecure Configuration Management
CWE-735: CERT C Secure Coding Standard (2008) Chapter 2 - Preprocessor (PRE)
CWE-736: CERT C Secure Coding Standard (2008) Chapter 3 - Declarations and Initialization (DCL)
CWE-737: CERT C Secure Coding Standard (2008) Chapter 4 - Expressions (EXP)
CWE-738: CERT C Secure Coding Standard (2008) Chapter 5 - Integers (INT)
CWE-741: CERT C Secure Coding Standard (2008) Chapter 8 - Characters and Strings (STR)
CWE-744: CERT C Secure Coding Standard (2008) Chapter 11 - Environment (ENV)
CWE-745: CERT C Secure Coding Standard (2008) Chapter 12 - Signals (SIG)
CWE-746: CERT C Secure Coding Standard (2008) Chapter 13 - Error Handling (ERR)
CWE-747: CERT C Secure Coding Standard (2008) Chapter 14 - Miscellaneous (MSC)
CWE-748: CERT C Secure Coding Standard (2008) Appendix - POSIX (POS)
CWE-751: 2009 Top 25 - Insecure Interaction Between Components
CWE-752: 2009 Top 25 - Risky Resource Management
CWE-753: 2009 Top 25 - Porous Defenses
CWE-803: 2010 Top 25 - Porous Defenses
CWE-811: OWASP Top Ten 2010 Category A2 - Cross-Site Scripting (XSS)
CWE-814: OWASP Top Ten 2010 Category A5 - Cross-Site Request Forgery (CSRF)
CWE-815: OWASP Top Ten 2010 Category A6 - Security Misconfiguration
CWE-816: OWASP Top Ten 2010 Category A7 - Insecure Cryptographic Storage
CWE-817: OWASP Top Ten 2010 Category A8 - Failure to Restrict URL Access
CWE-818: OWASP Top Ten 2010 Category A9 - Insufficient Transport Layer Protection
CWE-819: OWASP Top Ten 2010 Category A10 - Unvalidated Redirects and Forwards
[1189 entries in total]