OWASP Top 10

The document outlines the OWASP Top 10 security vulnerabilities and their corresponding SANS CWE identifiers. Each vulnerability, such as Injection and Broken Authentication, is associated with specific CWEs that detail the underlying issues. The document serves as a reference for identifying and addressing common security risks in software development.

OWASP Top 10 / SANS CWE 25

A1: Injection
• CWE-78: Improper Neutralization of Special Elements Used in an OS Command (‘OS Command Injection’)
• CWE-89: SQL Injection
• CWE-94: Code Injection
• CWE-434: Unrestricted Upload of File with Dangerous Type
• CWE-494: Download of Code Without Integrity Check
• CWE-829: Inclusion of Functionality from Untrusted Control Sphere

A2: Broken Authentication
• CWE-306: Missing Authentication for Critical Function
• CWE-307: Improper Restriction of Excessive Authentication Attempts
• CWE-798: Use of Hard-coded Credentials
• CWE-807: Reliance on Untrusted Inputs in a Security Decision
• CWE-862: Missing Authorization
• CWE-863: Incorrect Authorization

A3: Sensitive Data Exposure
• CWE-311: Missing Encryption of Sensitive Data
• CWE-319: Cleartext Transmission of Sensitive Information

A4: XML External Entities
• None

A5: Broken Access Control
• CWE-73: External Control of File Name or Path
• CWE-285: Improper Authorization

A6: Security Misconfiguration
• CWE-250: Execution with Unnecessary Privileges
• CWE-676: Use of Potentially Dangerous Function
• CWE-732: Incorrect Permission Assignment for Critical Resource

A7: Cross-Site Scripting (XSS)
• CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-Site Scripting’)

A8: Insecure Deserialization
• CWE-134: Use of Externally-Controlled Format String

A9: Using Components with Known Vulnerabilities
• CWE-190: Integer Overflow or Wraparound
• CWE-327: Use of a Broken or Risky Cryptographic Algorithm
• CWE-759: Use of a One-way Hash Without a Salt

A10: Insufficient Logging and Monitoring
• None
