Topic: Software Development MITRE Cyber Security Glossary
#KingSkrupellos
Comment: #1
Software Development MITRE Cyber Security Glossary
12.03.2020 05:11
Software Development Weaknesses: MITRE Cyber Security Glossary

www.cyberizm.org

CWE-699 - Software Development

Category: API / Function Errors - (1228)
Use of Inherently Dangerous Function - (242)
Use of Function with Inconsistent Implementations - (474)
Undefined Behavior for Input to API - (475)
Use of Obsolete Function - (477)
Use of Potentially Dangerous Function - (676)
Use of Low-Level Functionality - (695)
Exposed Dangerous Method or Function - (749)
Category: Audit / Logging Errors - (1210)
Improper Output Neutralization for Logs - (117)
Truncation of Security-relevant Information - (222)
Omission of Security-relevant Information - (223)
Obscured Security-relevant Information by Alternate Name - (224)
Insertion of Sensitive Information into Log File - (532)
Insufficient Logging - (778)
Logging of Excessive Data - (779)
Category: Authentication Errors - (1211)
Authentication Bypass Using an Alternate Path or Channel - (288)
Authentication Bypass by Spoofing - (290)
Authentication Bypass by Capture-replay - (294)
Improper Certificate Validation - (295)
Improper Following of a Certificate's Chain of Trust - (296)
Improper Check for Certificate Revocation - (299)
Incorrect Implementation of Authentication Algorithm - (303)
Missing Critical Step in Authentication - (304)
Authentication Bypass by Primary Weakness - (305)
Missing Authentication for Critical Function - (306)
Improper Restriction of Excessive Authentication Attempts - (307)
Use of Single-factor Authentication - (308)
Use of Password System for Primary Authentication - (309)
Key Exchange without Entity Authentication - (322)
Use of Client-Side Authentication - (603)
Overly Restrictive Account Lockout Mechanism - (645)
Guessable CAPTCHA - (804)
Use of Password Hash Instead of Password for Authentication - (836)
Category: Authorization Errors - (1212)
Direct Request ('Forced Browsing') - (425)
Incorrect Behavior Order: Authorization Before Parsing and Canonicalization - (551)
Improper Authorization of Index Containing Sensitive Information - (612)
Authorization Bypass Through User-Controlled Key - (639)
Improper Authorization in Handler for Custom URL Scheme - (939)
Placement of User into Incorrect Group - (842)
Insufficient Granularity of Access Control - (1220)
Category: Bad Coding Practices - (1006)
Missing Default Case in Switch Statement - (478)
Reliance on Package-level Scope - (487)
Active Debug Code - (489)
Variant: Suspicious Comment - (546)
Variant: Use of Hard-coded, Security-relevant Constants - (547)
Dead Code - (561)
Return of Stack Variable Address - (562)
Variant: Assignment to Variable without Use - (563)
Object Model Violation: Just One of Equals and Hashcode Defined - (581)
Variant: Explicit Call to Finalize() - (586)
Multiple Binds to the Same Port - (605)
Variable Extraction Error - (621)
Dynamic Variable Evaluation - (627)
Function Call with Incorrectly Specified Arguments - (628)
Use of Multiple Resources with Duplicate Identifier - (694)
Use of Redundant Code - (1041)
Data Element Aggregating an Excessively Large Number of Non-Primitive Elements - (1043)
Architecture with Number of Horizontal Layers Outside of Expected Range - (1044)
Variant: Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor - (1045)
Creation of Immutable Text Using String Concatenation - (1046)
Invokable Control Element with Large Number of Outward Calls - (1048)
Excessive Data Query Operations in a Large Data Table - (1049)
Excessive Platform Resource Consumption within a Loop - (1050)
Creation of Class Instance within a Static Code Block - (1063)
Runtime Resource Management Control Element in a Component Built to Run on Application Servers - (1065)
Missing Serialization Control Element - (1066)
Excessive Execution of Sequential Searches of Data Resource - (1067)
Serializable Data Element Containing non-Serializable Item Elements - (1070)
Empty Code Block - (1071)
Data Resource Access without Use of Connection Pooling - (1072)
Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses - (1073)
Parent Class without Virtual Destructor Method - (1079)
Class Instance Self Destruction Control Element - (1082)
Invokable Control Element with Excessive File or Data Access Operations - (1084)
Invokable Control Element with Excessive Volume of Commented-out Code - (1085)
Class with Virtual Method without a Virtual Destructor - (1087)
Large Data Table with Excessive Number of Indices - (1089)
Use of Object without Invoking Destructor Method - (1091)
Use of Same Invokable Control Element in Multiple Architectural Layers - (1092)
Excessive Index Range Scan for a Data Resource - (1094)
Persistent Storable Data Element without Associated Comparison Control Element - (1097)
Variant: Data Element containing Pointer Item without Proper Copy Control Element - (1098)
Inconsistent Naming Conventions for Identifiers - (1099)
Reliance on Runtime Component in Generated Code - (1101)
Reliance on Machine-Dependent Data Representation - (1102)
Use of Platform-Dependent Third Party Components - (1103)
Use of Unmaintained Third Party Components - (1104)
Insufficient Use of Symbolic Constants - (1106)
Insufficient Isolation of Symbolic Constant Definitions - (1107)
Excessive Reliance on Global Variables - (1108)
Use of Same Variable for Multiple Purposes - (1109)
Inappropriate Comment Style - (1113)
Inappropriate Whitespace Style - (1114)
Source Code Element without Standard Prologue - (1115)
Inaccurate Comments - (1116)
Callable with Insufficient Behavioral Summary - (1117)
Declaration of Variable with Unnecessarily Wide Scope - (1126)
Compilation with Insufficient Warnings or Errors - (1127)
Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations - (1235)
Category: Behavioral Problems - (438)
Misinterpretation of Input - (115)
Incorrect Behavior Order: Early Validation - (179)
Incorrect Behavior Order: Early Amplification - (408)
Incomplete Model of Endpoint Features - (437)
Behavioral Change in New Version or Environment - (439)
Expected Behavior Violation - (440)
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') - (444)
Use of Incorrect Operator - (480)
Incorrect Block Delimitation - (483)
Omitted Break Statement in Switch - (484)
Incorrect Behavior Order: Authorization Before Parsing and Canonicalization - (551)
Execution After Redirect (EAR) - (698)
Compiler Optimization Removal or Modification of Security-critical Code - (733)
Operator Precedence Logic Error - (783)
Loop with Unreachable Exit Condition ('Infinite Loop') - (835)
Improper Enforcement of a Single, Unique Action - (837)
Improper Enforcement of Behavioral Workflow - (841)
Comparison Using Wrong Factors - (1025)
Processor Optimization Removal or Modification of Security-critical Code - (1037)
Category: Business Logic Errors - (840)
Unverified Ownership - (283)
Authentication Bypass Using an Alternate Path or Channel - (288)
Authorization Bypass Through User-Controlled Key - (639)
Weak Password Recovery Mechanism for Forgotten Password - (640)
Incorrect Ownership Assignment - (708)
Allocation of Resources Without Limits or Throttling - (770)
Premature Release of Resource During Expected Lifetime - (826)
Improper Enforcement of a Single, Unique Action - (837)
Improper Enforcement of Behavioral Workflow - (841)
Category: Communication Channel Errors - (417)
Key Exchange without Entity Authentication - (322)
Origin Validation Error - (346)
Covert Timing Channel - (385)
Unprotected Primary Channel - (419)
Unprotected Alternate Channel - (420)
Direct Request ('Forced Browsing') - (425)
Covert Storage Channel - (515)
Improper Enforcement of Message Integrity During Transmission in a Communication Channel - (924)
Improper Verification of Source of a Communication Channel - (940)
Incorrectly Specified Destination in a Communication Channel - (941)
Category: Complexity Issues - (1226)
Data Element Aggregating an Excessively Large Number of Non-Primitive Elements - (1043)
Modules with Circular Dependencies - (1047)
Multiple Inheritance from Concrete Classes - (1055)
Invokable Control Element with Variadic Parameters - (1056)
Excessive Number of Inefficient Server-Side Data Accesses - (1060)
Invokable Control Element with Signature Containing an Excessive Number of Parameters - (1064)
Class with Excessively Deep Inheritance - (1074)
Unconditional Control Flow Transfer outside of Switch Block - (1075)
Source Code File with Excessive Number of Lines of Code - (1080)
Class with Excessive Number of Child Classes - (1086)
Loop Condition Value Update within the Loop - (1095)
Excessive Use of Unconditional Branching - (1119)
Excessive McCabe Cyclomatic Complexity - (1121)
Excessive Halstead Complexity - (1122)
Excessive Use of Self-Modifying Code - (1123)
Excessively Deep Nesting - (1124)
Excessive Attack Surface - (1125)
Category: Concurrency Issues - (557)
Race Condition Enabling Link Following - (363)
Signal Handler Race Condition - (364)
Race Condition in Switch - (365)
Race Condition within a Thread - (366)
Time-of-check Time-of-use (TOCTOU) Race Condition - (367)
Context Switching Race Condition - (368)
Symbolic Name not Mapping to Correct Object - (386)
Race Condition During Access to Alternate Channel - (421)
Unsynchronized Access to Shared Data in a Multithreaded Context - (567)
Empty Synchronized Block - (585)
Use of a Non-reentrant Function in a Concurrent Context - (663)
Missing Synchronization - (820)
Incorrect Synchronization - (821)
Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element - (1058)
Synchronous Access of Remote Resource without Timeout - (1088)
Category: Credentials Management Errors - (255)
Unprotected Storage of Credentials - (256)
Storing Passwords in a Recoverable Format - (257)
Password in Configuration File - (260)
Weak Encoding for Password - (261)
Not Using Password Aging - (262)
Password Aging with Long Expiration - (263)
Use of a Key Past its Expiration Date - (324)
Weak Password Requirements - (521)
Unprotected Transport of Credentials - (523)
Missing Password Field Masking - (549)
Unverified Password Change - (620)
Weak Password Recovery Mechanism for Forgotten Password - (640)
Use of Hard-coded Credentials - (798)
Use of Password Hash With Insufficient Computational Effort - (916)
Category: Cryptographic Issues - (310)
Weak Encoding for Password - (261)
Use of a Key Past its Expiration Date - (324)
Missing Required Cryptographic Step - (325)
Reversible One-Way Hash - (328)
Insufficient Entropy - (331)
Small Space of Random Values - (334)
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) - (335)
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) - (338)
Improper Verification of Cryptographic Signature - (347)
Use of Password Hash With Insufficient Computational Effort - (916)
Use of a Risky Cryptographic Primitive - (1240)
Category: Data Integrity Issues - (1214)
Key Exchange without Entity Authentication - (322)
Origin Validation Error - (346)
Improper Verification of Cryptographic Signature - (347)
Use of Less Trusted Source - (348)
Acceptance of Extraneous Untrusted Data With Trusted Data - (349)
Insufficient Type Distinction - (351)
Missing Support for Integrity Check - (353)
Improper Validation of Integrity Check Value - (354)
Download of Code Without Integrity Check - (494)
Reliance on Cookies without Validation and Integrity Checking - (565)
Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking - (649)
Inclusion of Functionality from Untrusted Control Sphere - (829)
Improper Enforcement of Message Integrity During Transmission in a Communication Channel - (924)
Category: Data Processing Errors - (19)
Improper Handling of Length Parameter Inconsistency - (130)
Improper Handling of Missing Special Element - (166)
Improper Handling of Additional Special Element - (167)
Improper Handling of Inconsistent Special Elements - (168)
Improper Handling of Case Sensitivity - (178)
Collapse of Data into Unsafe Value - (182)
Overly Restrictive Regular Expression - (186)
Improper Handling of Values - (229)
Improper Handling of Parameters - (233)
Improper Handling of Structural Elements - (237)
Improper Handling of Unexpected Data Type - (241)
Improper Handling of Highly Compressed Data (Data Amplification) - (409)
Modification of Assumed-Immutable Data (MAID) - (471)
External Control of Assumed-Immutable Web Parameter - (472)
URL Redirection to Untrusted Site ('Open Redirect') - (601)
Improper Restriction of XML External Entity Reference - (611)
Executable Regular Expression Error - (624)
Permissive Regular Expression - (625)
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') - (776)
Comparison of Incompatible Types - (1024)
Category: Data Representation Errors - (137)
Improper Neutralization of Equivalent Special Elements - (76)
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') - (78)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - (79)
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') - (88)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - (89)
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') - (90)
XML Injection (aka Blind XPath Injection) - (91)
Improper Neutralization of CRLF Sequences ('CRLF Injection') - (93)
Improper Control of Generation of Code ('Code Injection') - (94)
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') - (96)
Improper Output Neutralization for Logs - (117)
Improper Neutralization of Delimiters - (140)
Improper Null Termination - (170)
Reliance on Data/Memory Layout - (188)
Duplicate Key in Associative List (Alist) - (462)
Deletion of Data Structure Sentinel - (463)
Addition of Data Structure Sentinel - (464)
Improper Neutralization of Data within XPath Expressions ('XPath Injection') - (643)
Improper Neutralization of Data within XQuery Expressions ('XQuery Injection') - (652)
Incomplete Filtering of Special Elements - (791)
Only Filtering Special Elements at a Specified Location - (795)
Inappropriate Encoding for Output Context - (838)
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') - (917)
Improper Neutralization of Formula Elements in a CSV File - (1236)
Category: Documentation Issues - (1225)
Missing Documentation for Design - (1053)
Inconsistency Between Implementation and Documented Design - (1068)
Incomplete Design Documentation - (1110)
Incomplete I/O Documentation - (1111)
Incomplete Documentation of Program Execution - (1112)
Insufficient Documentation of Error Handling Techniques - (1118)
Category: File Handling Issues - (1219)
Relative Path Traversal - (23)
Absolute Path Traversal - (36)
Improper Resolution of Path Equivalence - (41)
Improper Link Resolution Before File Access ('Link Following') - (59)
Improper Handling of File Names that Identify Virtual Resources - (66)
Creation of Temporary File With Insecure Permissions - (378)
Creation of Temporary File in Directory with Insecure Permissions - (379)
Untrusted Search Path - (426)
Uncontrolled Search Path Element - (427)
Unquoted Search Path or Element - (428)
Category: Encapsulation Issues - (1227)
Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer - (1054)
Data Access Operations Outside of Expected Data Manager Component - (1057)
Parent Class with References to Child Class - (1062)
Data Access from Outside Expected Data Manager Component - (1083)
Method Containing Access of a Member Element from Another Class - (1090)
Insufficient Isolation of System-Dependent Functions - (1100)
Insufficient Encapsulation of Machine-Dependent Functionality - (1105)
Category: Error Conditions, Return Values, Status Codes - (389)
Generation of Error Message Containing Sensitive Information - (209)
Uncaught Exception - (248)
Unchecked Return Value - (252)
Incorrect Check of Function Return Value - (253)
Detection of Error Condition Without Action - (390)
Unchecked Error Condition - (391)
Missing Report of Error Condition - (392)
Return of Wrong Status Code - (393)
Unexpected Status Code or Return Value - (394)
Use of NullPointerException Catch to Detect NULL Pointer Dereference - (395)
Declaration of Catch for Generic Exception - (396)
Declaration of Throws for Generic Exception - (397)
Missing Standardized Error Handling Mechanism - (544)
Return Inside Finally Block - (584)
Uncaught Exception in Servlet - (600)
Reachable Assertion - (617)
Missing Custom Error Page - (756)
Empty Exception Block - (1069)
Category: Expression Issues - (569)
Use of Incorrect Operator - (480)
Expression is Always False - (570)
Expression is Always True - (571)
Variant: Attempt to Access Child of a Non-structure Pointer - (588)
Variant: Comparison of Object References Instead of Object Contents - (595)
Operator Precedence Logic Error - (783)
Category: Handler Errors - (429)
Deployment of Wrong Handler - (430)
Missing Handler - (431)
Dangerous Signal Handler not Disabled During Sensitive Operations - (432)
Variant: Unparsed Raw Web Content Delivery - (433)
Unrestricted Upload of File with Dangerous Type - (434)
Variant: Signal Handler Use of a Non-reentrant Function - (479)
Category: Information Management Errors - (199)
Exposure of Sensitive Information Through Sent Data - (201)
Observable Response Discrepancy - (204)
Observable Behavioral Discrepancy - (205)
Observable Timing Discrepancy - (208)
Generation of Error Message Containing Sensitive Information - (209)
Improper Removal of Sensitive Information Before Storage or Transfer - (212)
Exposure of Sensitive Information Due to Incompatible Policies - (213)
Invocation of Process Using Visible Sensitive Information - (214)
Insertion of Sensitive Information Into Debugging Code - (215)
Cleartext Storage of Sensitive Information - (312)
Cleartext Transmission of Sensitive Information - (319)
Exposure of Private Personal Information to an Unauthorized Actor - (359)
Exposure of Sensitive System Information to an Unauthorized Control Sphere - (497)
Use of Cache Containing Sensitive Information - (524)
Insertion of Sensitive Information into Log File - (532)
Inclusion of Sensitive Information in Source Code - (540)
Storage of Sensitive Data in a Mechanism without Access Control - (921)
Exposure of Sensitive Information Through Metadata - (1230)
Category: Initialization and Cleanup Errors - (452)
Sensitive Information Uncleared in Resource Before Release for Reuse - (226)
External Initialization of Trusted Variables or Data Stores - (454)
Non-exit on Failed Initialization - (455)
Incomplete Cleanup - (459)
Improper Cleanup on Thrown Exception - (460)
Initialization with Hard-Coded Network Resource Configuration Data - (1051)
Excessive Use of Hard-Coded Literals in Initialization - (1052)
Insecure Default Initialization of Resource - (1188)
Category: Input Validation Issues - (1215)
Missing XML Validation - (112)
Improper Validation of Array Index - (129)
Incorrect Behavior Order: Early Validation - (179)
Permissive List of Allowed Inputs - (183)
Incomplete List of Disallowed Inputs - (184)
Acceptance of Extraneous Untrusted Data With Trusted Data - (349)
Unchecked Input for Loop Condition - (606)
Improper Restriction of Names for Files and Other Resources - (641)
Incomplete Filtering of Special Elements - (791)
Improper Use of Validation Framework - (1173)
Category: Lockout Mechanism Errors - (1216)
Overly Restrictive Account Lockout Mechanism - (645)
Category: Memory Buffer Errors - (1218)
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - (120)
Write-what-where Condition - (123)
Buffer Underwrite ('Buffer Underflow') - (124)
Out-of-bounds Read - (125)
Incorrect Calculation of Buffer Size - (131)
Access of Memory Location Before Start of Buffer - (786)
Out-of-bounds Write - (787)
Access of Memory Location After End of Buffer - (788)
Buffer Access with Incorrect Length Value - (805)
Category: Numeric Errors - (189)
Wrap-around Error - (128)
Integer Overflow or Wraparound - (190)
Integer Underflow (Wrap or Wraparound) - (191)
Variant: Integer Coercion Error - (192)
Off-by-one Error - (193)
Numeric Truncation Error - (197)
Use of Incorrect Byte Ordering - (198)
Divide By Zero - (369)
Incorrect Conversion between Numeric Types - (681)
Numeric Range Comparison Without Minimum Check - (839)
Variant: Floating Point Comparison with Incorrect Operator - (1077)
Category: Permission Issues - (275)
Incorrect Default Permissions - (276)
Variant: Insecure Inherited Permissions - (277)
Variant: Insecure Preserved Inherited Permissions - (278)
Variant: Incorrect Execution-Assigned Permissions - (279)
Improper Handling of Insufficient Permissions or Privileges - (280)
Improper Preservation of Permissions - (281)
Exposed Unsafe ActiveX Method - (618)
Variant: Critical Data Element Declared Public - (766)
Variant: Access to Critical Private Variable via Public Method - (767)
Category: Pointer Issues - (465)
Return of Pointer Value Outside of Expected Range - (466)
Variant: Use of sizeof() on a Pointer Type - (467)
Incorrect Pointer Scaling - (468)
Use of Pointer Subtraction to Determine Size - (469)
NULL Pointer Dereference - (476)
Assignment of a Fixed Address to a Pointer - (587)
Variant: Attempt to Access Child of a Non-structure Pointer - (588)
Release of Invalid Pointer or Reference - (763)
Untrusted Pointer Dereference - (822)
Use of Out-of-range Pointer Offset - (823)
Access of Uninitialized Pointer - (824)
Expired Pointer Dereference - (825)
Category: Privilege Issues - (265)
Variant: Creation of chroot Jail Without Changing Working Directory - (243)
Execution with Unnecessary Privileges - (250)
Incorrect Privilege Assignment - (266)
Privilege Defined With Unsafe Actions - (267)
Privilege Chaining - (268)
Privilege Context Switching Error - (270)
Least Privilege Violation - (272)
Improper Check for Dropped Privileges - (273)
Improper Handling of Insufficient Privileges - (274)
Improper Handling of Insufficient Permissions or Privileges - (280)
Trust Boundary Violation - (501)
Variant: clone() Method Without super.clone() - (580)
Incorrect Use of Privileged APIs - (648)
Category: Random Number Issues - (1213)
Insufficient Entropy - (331)
Small Space of Random Values - (334)
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) - (335)
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) - (338)
Predictable from Observable State - (341)
Predictable Exact Value from Previous Values - (342)
Predictable Value Range from Previous Values - (343)
Use of Predictable Algorithm in Random Number Generator - (1241)
Category: Resource Locking Problems - (411)
Unrestricted Externally Accessible Lock - (412)
Improper Resource Locking - (413)
Missing Lock Check - (414)
Double-Checked Locking - (609)
Multiple Locks of a Critical Resource - (764)
Multiple Unlocks of a Critical Resource - (765)
Unlock of a Resource that is not Locked - (832)
Deadlock - (833)
Category: Resource Management Errors - (399)
External Control of File Name or Path - (73)
Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') - (403)
Insufficient Resource Pool - (410)
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') - (470)
Deserialization of Untrusted Data - (502)
Dangling Database Cursor ('Cursor Injection') - (619)
Improper Restriction of Names for Files and Other Resources - (641)
Use of Multiple Resources with Duplicate Identifier - (694)
Release of Invalid Pointer or Reference - (763)
Allocation of Resources Without Limits or Throttling - (770)
Missing Reference to Active Allocated Resource - (771)
Missing Release of Resource after Effective Lifetime - (772)
Premature Release of Resource During Expected Lifetime - (826)
Use of Uninitialized Resource - (908)
Missing Initialization of Resource - (909)
Use of Expired File Descriptor - (910)
Improper Update of Reference Count - (911)
Improper Control of Dynamically-Identified Variables - (914)
Improperly Controlled Modification of Dynamically-Determined Object Attributes - (915)
Improper Restriction of Power Consumption - (920)
Insecure Default Initialization of Resource - (1188)
Category: Signal Errors - (387)
Signal Handler Race Condition - (364)
Dangerous Signal Handler not Disabled During Sensitive Operations - (432)
Signal Handler with Functionality that is not Asynchronous-Safe - (828)
Signal Handler Function Associated with Multiple Signals - (831)
Category: State Issues - (371)
External Control of System or Configuration Setting - (15)
Incomplete Internal State Distinction - (372)
Passing Mutable Objects to an Untrusted Method - (374)
Returning a Mutable Object to an Untrusted Caller - (375)
Category: String Errors - (133)
Use of Externally-Controlled Format String - (134)
Incorrect Calculation of Multi-Byte String Length - (135)
Variant: Use of Wrong Operator in String Comparison - (597)
Category: Type Errors - (136)
Incorrect Conversion between Numeric Types - (681)
Access of Resource Using Incompatible Type ('Type Confusion') - (843)
Category: User Interface Security Issues - (355)
Variant: Cleartext Storage of Sensitive Information in GUI - (317)
Product UI does not Warn User of Unsafe Actions - (356)
Insufficient UI Warning of Dangerous Operations - (357)
Unimplemented or Unsupported Feature in UI - (447)
Obsolete Feature in UI - (448)
The UI Performs the Wrong Action - (449)
Multiple Interpretations of UI Input - (450)
Missing Password Field Masking - (549)
Insufficient Visual Distinction of Homoglyphs Presented to User - (1007)
Improper Restriction of Rendered UI Layers or Frames - (1021)
Category: User Session Errors - (1217)
Exposure of Data Element to Wrong Session - (488)
Insufficient Session Expiration - (613)
Improper Enforcement of Behavioral Workflow - (841)

Source: cwe.mitre.org/data/definitions/699.html
(This topic was last edited on 12.03.2020 at 05:18. Edited by: KingSkrupellos.)
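Added example, not part of the original post and not MITRE's own code: a small parser that turns a listing in exactly this shape (category headers followed by member weaknesses, each as "Name - (ID)") into a CWE-ID-to-category lookup, which is what you need to bucket SAST or dependency-scanner findings by CWE-699 category. The sample lines are constructed from entries above; the regex accepts both the cleaned "Category: ..." / "Variant: ..." form and the raw "+Category..." / "*Variant..." form the CWE tree page extracts to. Note that several IDs in the list (for example 288, 551, 639, 841) sit under more than one category, so the lookup keeps a list of categories per weakness instead of collapsing to one.

```python
"""Turn a CWE-699 style listing into a CWE-ID -> category lookup.

Added example (not code from the page or from MITRE). Parses lines shaped
like the listing above: category headers ("Category: Name - (ID)", or the
raw "+CategoryName - (ID)" form) followed by member weaknesses
("Name - (ID)", optionally prefixed "Variant:" / "*Variant").
"""
import re
from typing import Dict, List, Optional, Tuple

# One regex covers both the cleaned and the raw extracted line shapes.
ENTRY_RE = re.compile(
    r"^\s*[+*]?\s*"                  # tree-expander residue ("+" / "*") from the CWE page
    r"(?:(Category|Variant):?\s*)?"  # optional type label, glued on or colon-separated
    r"(.+?)\s*-\s*\((\d+)\)\s*$"     # "Name - (ID)"
)

# Constructed sample in the listing's shape (real CWE names and IDs taken
# from the list above; the text block itself is built for this example).
SAMPLE = """\
Category: Authentication Errors - (1211)
Authentication Bypass Using an Alternate Path or Channel - (288)
Improper Certificate Validation - (295)
Category: Business Logic Errors - (840)
Authentication Bypass Using an Alternate Path or Channel - (288)
Category: Privilege Issues - (265)
Variant: clone() Method Without super.clone() - (580)
Category: Cryptographic Issues - (310)
Use of Password Hash With Insufficient Computational Effort - (916)
"""


def parse_listing(text: str) -> Tuple[Dict[int, str], Dict[int, dict]]:
    """Return (categories, weaknesses).

    categories: category CWE id -> category name
    weaknesses: weakness CWE id -> {"name", "variant", "categories": [category ids]}
    A weakness listed under several categories keeps all of them, in order of
    appearance. A malformed line, a weakness before any header, or an id reused
    with a different name raises instead of being silently dropped.
    """
    categories: Dict[int, str] = {}
    weaknesses: Dict[int, dict] = {}
    current: Optional[int] = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        m = ENTRY_RE.match(raw)
        if not m:
            raise ValueError(f"line {lineno}: not a listing entry: {raw!r}")
        label, name, cwe_id = m.group(1), m.group(2), int(m.group(3))
        if label == "Category":
            categories[cwe_id] = name
            current = cwe_id
            continue
        if current is None:
            raise ValueError(f"line {lineno}: weakness before any category header")
        entry = weaknesses.setdefault(
            cwe_id, {"name": name, "variant": label == "Variant", "categories": []}
        )
        if entry["name"] != name:
            raise ValueError(
                f"line {lineno}: CWE-{cwe_id} reused for {name!r} and {entry['name']!r}"
            )
        if current not in entry["categories"]:
            entry["categories"].append(current)
    return categories, weaknesses


def cross_listed(weaknesses: Dict[int, dict]) -> List[int]:
    """Weakness ids that appear under more than one category, sorted."""
    return sorted(i for i, e in weaknesses.items() if len(e["categories"]) > 1)


def categories_for(
    cwe_id: int, categories: Dict[int, str], weaknesses: Dict[int, dict]
) -> List[str]:
    """Category names for a finding's CWE id; empty if the id is not in the view."""
    entry = weaknesses.get(cwe_id)
    if entry is None:
        return []
    return [categories[c] for c in entry["categories"]]


if __name__ == "__main__":
    cats, weak = parse_listing(SAMPLE)
    for i in cross_listed(weak):
        print(f"CWE-{i} ({weak[i]['name']}) is listed under: {categories_for(i, cats, weak)}")
```

To use it on the full list, paste the block from the "Category: API / Function Errors" header down to the last "User Session Errors" member into a file and pass its contents to parse_listing; an id that your scanner reports but that categories_for returns an empty list for is simply outside the CWE-699 view (for example a hardware CWE), not a parser failure.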
MECZUP
Comment: #2
RE: Software Development MITRE Cyber Security Glossary
12.03.2020 18:09
Thanks, nice work :)

Porch
Comment: #3
Re: Software Development MITRE Cyber Security Glossary
12.03.2020 21:38
Thanks, nice work, master :)