VULHUB™
Researcher View
Research Concepts
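This view is intended to facilitate research into weaknesses, including their interdependencies, and can be used to systematically identify theoretical gaps within CWE. It classifies weaknesses while largely ignoring how they can be detected, where they appear in code, and when they are introduced in the software development life cycle. Instead, it is organized mainly according to abstractions of software behavior.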
Development Concepts
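This view organizes weaknesses around concepts that are frequently used or encountered in software development. Accordingly, this view can align closely with the perspectives of developers, educators, and assessment vendors. It provides a variety of categories intended to simplify navigation, browsing, and mapping.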
Architectural Concepts
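This view organizes weaknesses according to common architectural security tactics. It is intended to help architects identify potential mistakes that can be made when designing software.
CWE-840: Business Logic Errors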
CWE-847: The CERT Oracle Secure Coding Standard for Java (2011) Chapter 4 - Expressions (EXP)
CWE-850: The CERT Oracle Secure Coding Standard for Java (2011) Chapter 7 - Methods (MET)
CWE-851: The CERT Oracle Secure Coding Standard for Java (2011) Chapter 8 - Exceptional Behavior (ERR)
CWE-852: The CERT Oracle Secure Coding Standard for Java (2011) Chapter 9 - Visibility and Atomicity (VNA)
CWE-855: The CERT Oracle Secure Coding Standard for Java (2011) Chapter 12 - Thread Pools (TPS)
CWE-856: The CERT Oracle Secure Coding Standard for Java (2011) Chapter 13 - Thread-Safety Miscellaneous (TSM)
CWE-857: The CERT Oracle Secure Coding Standard for Java (2011) Chapter 14 - Input Output (FIO)
CWE-860: The CERT Oracle Secure Coding Standard for Java (2011) Chapter 17 - Runtime Environment (ENV)
CWE-865: 2011 Top 25 - Risky Resource Management
CWE-870: CERT C++ Secure Coding Section 02 - Declarations and Initialization (DCL)
CWE-873: CERT C++ Secure Coding Section 05 - Floating Point Arithmetic (FLP)
CWE-876: CERT C++ Secure Coding Section 08 - Memory Management (MEM)
CWE-879: CERT C++ Secure Coding Section 11 - Signals (SIG)
CWE-882: CERT C++ Secure Coding Section 14 - Concurrency (CON)
CWE-886: SFP Primary Cluster: Unused entities
CWE-890: SFP Primary Cluster: Memory Access
CWE-893: SFP Primary Cluster: Path Resolution
CWE-896: SFP Primary Cluster: Tainted Input
CWE-899: SFP Primary Cluster: Access Control
CWE-903: SFP Primary Cluster: Cryptography
CWE-906: SFP Primary Cluster: UI
CWE-930: OWASP Top Ten 2013 Category A2 - Broken Authentication and Session Management
CWE-933: OWASP Top Ten 2013 Category A5 - Security Misconfiguration
CWE-936: OWASP Top Ten 2013 Category A8 - Cross-Site Request Forgery (CSRF)
CWE-944: SFP Secondary Cluster: Access Management
CWE-947: SFP Secondary Cluster: Authentication Bypass
CWE-950: SFP Secondary Cluster: Hardcoded Sensitive Data
CWE-953: SFP Secondary Cluster: Missing Endpoint Authentication
CWE-964: SFP Secondary Cluster: Exposure Temporary File
[1189 entries in total]