Research Concepts
该视图旨在促进对弱点的研究,包括它们之间的相互依赖性,并可用来系统地找出CWE内部的理论差距。它对弱点进行了分类,在很大程度上忽略了如何检测它们,它们出现在代码中的什么地方,以及它们何时被引入软件开发生命周期。相反,它主要是根据软件行为的抽象来组织的。Development Concepts
该视图围绕软件开发中经常使用或遇到的概念组织弱点。因此,该视图可以与开发人员、教育工作者和评估供应商的观点紧密一致。它提供了多种类别,旨在简化导航、浏览和映射。Architectural Concepts
该视图根据常见的架构安全策略组织弱点。它旨在帮助架构师识别设计软件时可能出现的潜在错误。
CWE-617: 可达断言
CWE-619: 数据库游标悬挂(游标注入)
CWE-620: 未经验证的口令修改
CWE-622: 函数挂钩参数的验证不恰当
CWE-624: 可执行体正则表达式错误
CWE-626: 空字节交互错误
CWE-628: 使用不正确指定参数的函数调用
CWE-637: 保护机制不必要的复杂性(未使用经济性的机制)
CWE-989: SFP Secondary Cluster: Unrestricted Lock
CWE-990: SFP Secondary Cluster: Tainted Input to Command
CWE-991: SFP Secondary Cluster: Tainted Input to Environment
CWE-992: SFP Secondary Cluster: Faulty Input Transformation
CWE-993: SFP Secondary Cluster: Incorrect Input Handling
CWE-994: SFP Secondary Cluster: Tainted Input to Variable
CWE-995: SFP Secondary Cluster: Feature
CWE-996: SFP Secondary Cluster: Security
CWE-997: SFP Secondary Cluster: Information Loss
CWE-998: SFP Secondary Cluster: Glitch in Computation
CWE-1000: Research Concepts
CWE-1026: Weaknesses in OWASP Top Ten (2017)
CWE-1133: SEI CERT Oracle Java编码标准解决的弱点
CWE-1200: Weaknesses in the 2019 CWE Top 25 Most Dangerous Software Errors
CWE-629: Weaknesses in OWASP Top Ten (2007)
CWE-635: Weaknesses Originally Used by NVD from 2008 to 2016
CWE-888: Software Fault Pattern (SFP) Clusters
CWE-900: Weaknesses in the 2011 CWE/SANS Top 25 Most Dangerous Software Errors
CWE-919: Weaknesses in Mobile Applications
CWE-639: 通过用户控制密钥绕过授权机制
CWE-640: 忘记口令恢复机制弱
CWE-642: 对关键状态数据的外部可控制
[共 1189 条]