Category-1031: OWASP 2017年十大分类A5-失效的访问控制
ID: 1031 Status: Incomplete
Summary
Weaknesses in this category are related to the A5 category in the OWASP Top Ten 2017.
Membership
| ID | NAME |
|---|---|
| CWE-22 | 对路径名的限制不恰当(路径遍历) |
| CWE-284 | 访问控制不恰当 |
| CWE-285 | 授权机制不恰当 |
| CWE-425 | 直接请求(强制性浏览) |
| CWE-639 | 通过用户控制密钥绕过授权机制 |