Research Concepts
该视图旨在促进对弱点的研究,包括它们之间的相互依赖性,并可用来系统地找出CWE内部的理论差距。它对弱点进行了分类,在很大程度上忽略了如何检测它们,它们出现在代码中的什么地方,以及它们何时被引入软件开发生命周期。相反,它主要是根据软件行为的抽象来组织的。Development Concepts
该视图围绕软件开发中经常使用或遇到的概念组织弱点。因此,该视图可以与开发人员、教育工作者和评估供应商的观点紧密一致。它提供了多种类别,旨在简化导航、浏览和映射。Architectural Concepts
该视图根据常见的架构安全策略组织弱点。它旨在帮助架构师识别设计软件时可能出现的潜在错误。
CWE-889: SFP Primary Cluster: Exception Management
CWE-892: SFP Primary Cluster: Resource Management
CWE-895: SFP Primary Cluster: Information Leak
CWE-898: SFP Primary Cluster: Authentication
CWE-902: SFP Primary Cluster: Channel
CWE-905: SFP Primary Cluster: Predictability
CWE-929: OWASP Top Ten 2013 Category A1 - Injection
CWE-932: OWASP Top Ten 2013 Category A4 - Insecure Direct Object References
CWE-935: OWASP Top Ten 2013 Category A7 - Missing Function Level Access Control
CWE-938: OWASP Top Ten 2013 Category A10 - Unvalidated Redirects and Forwards
CWE-946: SFP Secondary Cluster: Insecure Resource Permissions
CWE-949: SFP Secondary Cluster: Faulty Endpoint Authentication
CWE-952: SFP Secondary Cluster: Missing Authentication
CWE-955: SFP Secondary Cluster: Unrestricted Authentication
CWE-959: SFP Secondary Cluster: Weak Cryptography
CWE-961: SFP Secondary Cluster: Incorrect Exception Behavior
CWE-963: SFP Secondary Cluster: Exposed Data
CWE-967: SFP Secondary Cluster: State Disclosure
CWE-968: SFP Secondary Cluster: Covert Channel
CWE-969: SFP Secondary Cluster: Faulty Memory Release
CWE-970: SFP Secondary Cluster: Faulty Buffer Access
CWE-971: SFP Secondary Cluster: Faulty Pointer Use
CWE-976: SFP Secondary Cluster: Compiler
CWE-980: SFP Secondary Cluster: Link in Resource Name Resolution
CWE-1008: Architectural Concepts
CWE-1128: CISQ质量措施(2016)
CWE-1178: SEI CERT Perl编码标准解决的弱点
CWE-604: 不推荐使用的条目
CWE-631: DEPRECATED: Resource-specific Weaknesses
CWE-659: Weaknesses in Software Written in C++
[共 1189 条]