Researcher View

Research Concepts

This view is intended to facilitate research into weaknesses, including their interdependencies, and can be used to systematically identify theoretical gaps within CWE. It classifies weaknesses while largely ignoring how they are detected, where they appear in code, and when they are introduced in the software development life cycle. Instead, it is organized primarily around abstractions of software behavior.

Development Concepts

This view organizes weaknesses around concepts that are frequently used or encountered in software development. As a result, it aligns closely with the perspectives of developers, educators, and assessment vendors. It provides a variety of categories intended to simplify navigation, browsing, and mapping.

Architectural Concepts

This view organizes weaknesses according to common architectural security tactics. It is intended to help architects identify potential mistakes that can be made when designing software.

CWE-840: Business Logic Errors
CWE-847: The CERT Oracle Secure Coding Standard for Java (2011) Chapter 4 - Expressions (EXP)
CWE-850: The CERT Oracle Secure Coding Standard for Java (2011) Chapter 7 - Methods (MET)
CWE-851: The CERT Oracle Secure Coding Standard for Java (2011) Chapter 8 - Exceptional Behavior (ERR)
CWE-852: The CERT Oracle Secure Coding Standard for Java (2011) Chapter 9 - Visibility and Atomicity (VNA)
CWE-855: The CERT Oracle Secure Coding Standard for Java (2011) Chapter 12 - Thread Pools (TPS)
CWE-856: The CERT Oracle Secure Coding Standard for Java (2011) Chapter 13 - Thread-Safety Miscellaneous (TSM)
CWE-857: The CERT Oracle Secure Coding Standard for Java (2011) Chapter 14 - Input Output (FIO)
CWE-860: The CERT Oracle Secure Coding Standard for Java (2011) Chapter 17 - Runtime Environment (ENV)
CWE-865: 2011 Top 25 - Risky Resource Management
CWE-870: CERT C++ Secure Coding Section 02 - Declarations and Initialization (DCL)
CWE-873: CERT C++ Secure Coding Section 05 - Floating Point Arithmetic (FLP)
CWE-876: CERT C++ Secure Coding Section 08 - Memory Management (MEM)
CWE-879: CERT C++ Secure Coding Section 11 - Signals (SIG)
CWE-882: CERT C++ Secure Coding Section 14 - Concurrency (CON)
CWE-886: SFP Primary Cluster: Unused entities
CWE-890: SFP Primary Cluster: Memory Access
CWE-893: SFP Primary Cluster: Path Resolution
CWE-896: SFP Primary Cluster: Tainted Input
CWE-899: SFP Primary Cluster: Access Control
CWE-903: SFP Primary Cluster: Cryptography
CWE-906: SFP Primary Cluster: UI
CWE-930: OWASP Top Ten 2013 Category A2 - Broken Authentication and Session Management
CWE-933: OWASP Top Ten 2013 Category A5 - Security Misconfiguration
CWE-936: OWASP Top Ten 2013 Category A8 - Cross-Site Request Forgery (CSRF)
CWE-944: SFP Secondary Cluster: Access Management
CWE-947: SFP Secondary Cluster: Authentication Bypass
CWE-950: SFP Secondary Cluster: Hardcoded Sensitive Data
CWE-953: SFP Secondary Cluster: Missing Endpoint Authentication
CWE-964: SFP Secondary Cluster: Exposure Temporary File
[1189 entries in total]