Topic: WebSecurity Seven Pernicious Kingdoms Mitre Glossary
#KingSkrupellos
Post #1
WebSecurity Seven Pernicious Kingdoms Mitre Glossary
17.03.2020 00:50

www.cyberizm.org

700 - Seven Pernicious Kingdoms
7PK - Security Features - (254)
7PK - Time and State - (361)
7PK - Errors - (388)
7PK - Input Validation and Representation - (1005)
7PK - API Abuse - (227)
7PK - Code Quality - (398)
7PK - Encapsulation - (485)
7PK - Environment - (2)

700 - Seven Pernicious Kingdoms
  Category: 7PK - Security Features - (254)
    Unprotected Storage of Credentials - (256)
    Empty Password in Configuration File - (258)
    Use of Hard-coded Password - (259)
    Password in Configuration File - (260)
    Weak Encoding for Password - (261)
    Least Privilege Violation - (272)
    Pillar: Improper Access Control - (284)
    Class: Improper Authorization - (285)
    Class: Use of Insufficiently Random Values - (330)
    Exposure of Private Personal Information to an Unauthorized Actor - (359)
    Use of Hard-coded Credentials - (798)
  Category: 7PK - Time and State - (361)
    Signal Handler Race Condition - (364)
    Time-of-check Time-of-use (TOCTOU) Race Condition - (367)
    Class: Insecure Temporary File - (377)
    J2EE Bad Practices: Use of System.exit() - (382)
    J2EE Bad Practices: Direct Use of Threads - (383)
    Composite: Session Fixation - (384)
    Unrestricted Externally Accessible Lock - (412)
  Category: 7PK - Errors - (388)
    Unchecked Error Condition - (391)
    Use of NullPointerException Catch to Detect NULL Pointer Dereference - (395)
    Declaration of Catch for Generic Exception - (396)
    Declaration of Throws for Generic Exception - (397)
  Category: 7PK - Input Validation and Representation - (1005)
    Class: Improper Input Validation - (20)
      Struts: Duplicate Validation Forms - (102)
      Struts: Incomplete validate() Method Definition - (103)
      Struts: Form Bean Does Not Extend Validation Class - (104)
      Struts: Form Field Without Validator - (105)
      Struts: Plug-in Framework not in Use - (106)
      Struts: Unused Validation Form - (107)
      Struts: Unvalidated Action Form - (108)
      Struts: Validator Turned Off - (109)
      Struts: Validator Without Form Field - (110)
      Direct Use of Unsafe JNI - (111)
      Missing XML Validation - (112)
      Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') - (113)
      Class: Process Control - (114)
      Improper Output Neutralization for Logs - (117)
      Class: Improper Restriction of Operations within the Bounds of a Memory Buffer - (119)
      Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - (120)
      Use of Externally-Controlled Format String - (134)
      External Control of System or Configuration Setting - (15)
      Improper Null Termination - (170)
      Integer Overflow or Wraparound - (190)
      Return of Pointer Value Outside of Expected Range - (466)
      Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') - (470)
      External Control of File Name or Path - (73)
      Use of Path Manipulation Function without Maximum-sized Buffer - (785)
      Class: Improper Neutralization of Special Elements used in a Command ('Command Injection') - (77)
      Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - (79)
      Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - (89)
      Class: Improper Control of Resource Identifiers ('Resource Injection') - (99)
  Category: 7PK - API Abuse - (227)
    Use of Inherently Dangerous Function - (242)
    Creation of chroot Jail Without Changing Working Directory - (243)
    Improper Clearing of Heap Memory Before Release ('Heap Inspection') - (244)
    J2EE Bad Practices: Direct Management of Connections - (245)
    J2EE Bad Practices: Direct Use of Sockets - (246)
    Uncaught Exception - (248)
    Execution with Unnecessary Privileges - (250)
    Category: Often Misused: String Management - (251)
    Unchecked Return Value - (252)
    Use of getlogin() in Multithreaded Application - (558)
  Category: 7PK - Code Quality - (398)
    Missing Release of Memory after Effective Lifetime - (401)
    Class: Improper Resource Shutdown or Release - (404)
    Double Free - (415)
    Use After Free - (416)
    Use of Uninitialized Variable - (457)
    Use of Function with Inconsistent Implementations - (474)
    Undefined Behavior for Input to API - (475)
    NULL Pointer Dereference - (476)
    Use of Obsolete Function - (477)
  Category: 7PK - Encapsulation - (485)
    Comparison of Classes by Name - (486)
    Exposure of Data Element to Wrong Session - (488)
    Active Debug Code - (489)
    Public cloneable() Method Without Final ('Object Hijack') - (491)
    Use of Inner Class Containing Sensitive Data - (492)
    Critical Public Variable Without Final Modifier - (493)
    Private Data Structure Returned From A Public Method - (495)
    Public Data Assigned to Private Array-Typed Field - (496)
    Exposure of Sensitive System Information to an Unauthorized Control Sphere - (497)
    Trust Boundary Violation - (501)
  Category: 7PK - Environment - (2)
    ASP.NET Misconfiguration: Creating Debug Binary - (11)
    ASP.NET Misconfiguration: Missing Custom Error Page - (12)
    ASP.NET Misconfiguration: Password in Configuration File - (13)
    Compiler Removal of Code to Clear Buffers - (14)
    J2EE Misconfiguration: Data Transmission Without Encryption - (5)
    J2EE Misconfiguration: Insufficient Session-ID Length - (6)
    J2EE Misconfiguration: Missing Custom Error Page - (7)
    J2EE Misconfiguration: Entity Bean Declared Remote - (8)
    J2EE Misconfiguration: Weak Access Permissions for EJB Methods - (9)
Source: cwe.mitre.org/data/definitions/700.html
(This topic was last edited on 17.03.2020 at 00:58 by KingSkrupellos.)