Research Concepts
该视图旨在促进对弱点的研究,包括它们之间的相互依赖性,并可用来系统地找出CWE内部的理论差距。它对弱点进行了分类,在很大程度上忽略了如何检测它们,它们出现在代码中的什么地方,以及它们何时被引入软件开发生命周期。相反,它主要是根据软件行为的抽象来组织的。Development Concepts
该视图围绕软件开发中经常使用或遇到的概念组织弱点。因此,该视图可以与开发人员、教育工作者和评估供应商的观点紧密一致。它提供了多种类别,旨在简化导航、浏览和映射。Architectural Concepts
该视图根据常见的架构安全策略组织弱点。它旨在帮助架构师识别设计软件时可能出现的潜在错误。
CWE-874: CERT C++ Secure Coding Section 06 - Arrays and the STL (ARR)
CWE-877: CERT C++ Secure Coding Section 09 - Input Output (FIO)
CWE-880: CERT C++ Secure Coding Section 12 - Exceptions and Error Handling (ERR)
CWE-883: CERT C++ Secure Coding Section 49 - Miscellaneous (MSC)
CWE-887: SFP Primary Cluster: API
CWE-891: SFP Primary Cluster: Memory Management
CWE-894: SFP Primary Cluster: Synchronization
CWE-897: SFP Primary Cluster: Entry Points
CWE-901: SFP Primary Cluster: Privilege
CWE-904: SFP Primary Cluster: Malware
CWE-907: SFP Primary Cluster: Other
CWE-931: OWASP Top Ten 2013 Category A3 - Cross-Site Scripting (XSS)
CWE-934: OWASP Top Ten 2013 Category A6 - Sensitive Data Exposure
CWE-937: OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-945: SFP Secondary Cluster: Insecure Resource Access
CWE-948: SFP Secondary Cluster: Digital Certificate
CWE-951: SFP Secondary Cluster: Insecure Authentication Policy
CWE-954: SFP Secondary Cluster: Multiple Binds to the Same Port
CWE-956: SFP Secondary Cluster: Channel Attack
CWE-957: SFP Secondary Cluster: Protocol Error
CWE-958: SFP Secondary Cluster: Broken Cryptography
CWE-960: SFP Secondary Cluster: Ambiguous Exception Type
CWE-962: SFP Secondary Cluster: Unchecked Status Condition
CWE-965: SFP Secondary Cluster: Insecure Session Management
CWE-972: SFP Secondary Cluster: Faulty String Expansion
CWE-973: SFP Secondary Cluster: Improper NULL Termination
CWE-974: SFP Secondary Cluster: Incorrect Buffer Length Computation
CWE-977: SFP Secondary Cluster: Design
CWE-981: SFP Secondary Cluster: Path Traversal
CWE-982: SFP Secondary Cluster: Failure to Release Resource
[共 1189 条]