Marsの5εcur1ty備忘録

An irregularly updated technical blog centred on information security: CTFs, vulnerability verification, bug bounty report analysis, and similar topics.

List of key CWE weaknesses: OWASP Top 10

・2013

Cleartext Storage of Sensitive Information (CWE-312)
Cleartext Transmission of Sensitive Information (CWE-319)
Command Injection - Generic (CWE-77)
Cross-Site Request Forgery (CSRF) (CWE-352)
Cross-site Scripting (XSS) - DOM (CWE-79)
Cross-site Scripting (XSS) - Generic (CWE-79)
Cross-site Scripting (XSS) - Reflected (CWE-79)
Cross-site Scripting (XSS) - Stored (CWE-79)
Cryptographic Issues - Generic (CWE-310)
Improper Access Control - Generic (CWE-284)
Improper Authentication - Generic (CWE-287)
Inadequate Encryption Strength (CWE-326)
Information Exposure Through Debug Information (CWE-215)
Information Exposure Through Directory Listing (CWE-548)
Information Exposure Through an Error Message (CWE-209)
Insecure Direct Object Reference (IDOR) (CWE-639)
Insecure Storage of Sensitive Information (CWE-922)
Insufficient Session Expiration (CWE-613)
Insufficiently Protected Credentials (CWE-522)
LDAP Injection (CWE-90)
Missing Encryption of Sensitive Data (CWE-311)
Missing Required Cryptographic Step (CWE-325)
OS Command Injection (CWE-78)
Open Redirect (CWE-601)
Path Traversal (CWE-22)
Plaintext Storage of a Password (CWE-256)
Resource Injection (CWE-99)
Reversible One-Way Hash (CWE-328)
SQL Injection (CWE-89)
Session Fixation (CWE-384)
Unprotected Transport of Credentials (CWE-523)
Unverified Password Change (CWE-620)
Use of a Broken or Risky Cryptographic Algorithm (CWE-327)
Use of a Key Past its Expiration Date (CWE-324)
Violation of Secure Design Principles (CWE-657)
Weak Password Recovery Mechanism for Forgotten Password (CWE-640)
XML Injection (CWE-91)
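Two of the classes in the list above, Path Traversal (CWE-22) and Open Redirect (CWE-601), shown as a vulnerable handler next to a hardened one. This is an added example for this memo, not code from the original page or from OWASP; the document root `/srv/app/public` and the allow-listed host `app.example.com` are invented for the illustration.

```python
import posixpath
from typing import Optional
from urllib.parse import urlparse

# --- CWE-22: Path Traversal --------------------------------------------
# Assumed document root for the example (not from the original page).
DOC_ROOT = "/srv/app/public"


def resolve_vulnerable(user_path: str) -> str:
    """Joins untrusted input straight onto the root.

    "../../etc/passwd" walks out of DOC_ROOT, and an absolute
    "/etc/passwd" makes join() discard DOC_ROOT entirely.
    """
    return posixpath.normpath(posixpath.join(DOC_ROOT, user_path))


def resolve_hardened(user_path: str) -> Optional[str]:
    """Normalise, then require the result to remain under DOC_ROOT.

    commonpath() is used rather than startswith() so that a sibling
    directory such as /srv/app/public_old is rejected too. Real code
    should additionally realpath() the result so symlinks cannot
    point outside the root.
    """
    if "\x00" in user_path:  # null byte would truncate the path in C-level APIs
        return None
    candidate = posixpath.normpath(
        posixpath.join(DOC_ROOT, user_path.lstrip("/")))
    if posixpath.commonpath([DOC_ROOT, candidate]) != DOC_ROOT:
        return None
    return candidate


# --- CWE-601: Open Redirect ---------------------------------------------
# Assumed allow-list of hosts the application may send users to.
ALLOWED_HOSTS = {"app.example.com"}


def redirect_target_vulnerable(next_url: str) -> str:
    """Echoes ?next= into a Location header without any check."""
    return next_url


def redirect_target_hardened(next_url: str, default: str = "/") -> str:
    """Accepts only same-site relative paths or allow-listed absolute URLs.

    Rejects protocol-relative "//evil", backslash variants that browsers
    normalise to "/", userinfo tricks such as "https://app@evil", and
    non-http schemes such as javascript:.
    """
    if "\\" in next_url:
        return default
    parts = urlparse(next_url)
    if not parts.scheme and not parts.netloc:
        # Relative reference: only a single leading slash is allowed.
        if next_url.startswith("/") and not next_url.startswith("//"):
            return next_url
        return default
    if parts.scheme in ("http", "https") and parts.hostname in ALLOWED_HOSTS:
        return next_url
    return default


if __name__ == "__main__":
    for p in ("../../etc/passwd", "/etc/passwd", "css/../index.html"):
        print(p, "->", resolve_vulnerable(p), "|", resolve_hardened(p))
    for u in ("https://evil.example/", "//evil.example/", "/account?tab=1"):
        print(u, "->", redirect_target_vulnerable(u), "|", redirect_target_hardened(u))
```

The traversal check compares the normalised path against the root with `commonpath()` because a plain prefix test would accept `/srv/app/public_old`; the redirect check parses the URL instead of pattern-matching it so that host-confusion forms (`@`, `//`, backslashes) are handled by the same parser the rest of the application uses.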


・2017

Top 10-2017 Top 10 - OWASP

Copyright Mars 2019