The Research View with varying levels of weakness abstractions and entry types colored as specified below.
Research View with Abstractions Highlighted
Weakness Pillar
Weakness Class
Weakness Base
Weakness Variant
Compound Elements

The Development View with the varying levels of weakness abstractions and entry types colored as specified below.
Development View with Abstractions Highlighted
Category
Weakness Pillar
Weakness Class
Weakness Base
Weakness Variant
Compound Elements

The Hardware View with the varying levels of weakness abstractions and entry types colored as specified below.
Hardware View with Abstractions Highlighted
Category
Weakness Pillar
Weakness Class
Weakness Base
Weakness Variant
Compound Elements

The Weaknesses for Simplified Mapping of Published Vulnerabilities View with the varying levels of weakness abstractions and entry types colored as specified below.
Weaknesses for Simplified Mapping of Published Vulnerabilities View with Abstractions Highlighted
Weakness Pillar
Weakness Class
Weakness Base
Weakness Variant
Compound Elements
The Comprehensive Categorization View with the Category entry types colored as specified below.
Comprehensive Categorization View with Categories Highlighted
Category

The Development View with the Category entry types colored as specified below.
Development View with Categories Highlighted
Category

The OWASP Top 10 (2021) View with entries colored as specified below.
OWASP Top 10 (2021)
A01 - Broken Access Control
A02 - Cryptographic Failures
A03 - Injection
A04 - Insecure Design
A05 - Security Misconfiguration
A06 - Vulnerable and Outdated Components
A07 - Identification and Authentication Failures
A08 - Software and Data Integrity Failures
A09 - Security Logging and Monitoring Failures
A10 - Server-Side Request Forgery (SSRF)

Other visualizations of the OWASP Top 10 (2021), with entries colored as specified below.
A01 - Broken Access Control
A02 - Cryptographic Failures
A03 - Injection
A04 - Insecure Design
A05 - Security Misconfiguration
A06 - Vulnerable and Outdated Components
A07 - Identification and Authentication Failures
A08 - Software and Data Integrity Failures
A09 - Security Logging and Monitoring Failures
A10 - Server-Side Request Forgery (SSRF)

Visualizations related to the OWASP Top 10 (2004) entries, colored as specified below.
A1 - Unvalidated Input
A2 - Broken Access Control
A3 - Broken Authentication and Session Management
A4 - Cross-Site Scripting (XSS) Flaws
A5 - Buffer Overflows
A6 - Injection Flaws
A7 - Improper Error Handling
A8 - Insecure Storage
A9 - Denial of Service
A10 - Insecure Configuration Management
Red highlight, visible from a distance
The OWASP Top 10 (2007) entries that have been mapped to CWE entries.
OWASP Top 10 (2007) in CWE
A1 - Cross Site Scripting (XSS)
A2 - Injection Flaws
A3 - Malicious File Execution
A4 - Insecure Direct Object Reference
A5 - Cross Site Request Forgery (CSRF)
A6 - Information Leakage and Improper Error Handling
A7 - Broken Authentication and Session Management
A8 - Insecure Cryptographic Storage
A9 - Insecure Communications
A10 - Failure to Restrict URL Access

The OWASP Top 10 (2013) entries that have been mapped to CWE entries.
OWASP Top 10 (2013) in CWE
A1 - Injection
A2 - Broken Authentication and Session Management
A3 - Cross-Site Scripting (XSS)
A4 - Insecure Direct Object References
A5 - Security Misconfiguration
A6 - Sensitive Data Exposure
A7 - Missing Function Level Access Control
A8 - Cross-Site Request Forgery (CSRF)
A9 - Using Components with Known Vulnerabilities
A10 - Unvalidated Redirects and Forwards

The Seven Pernicious Kingdoms View with entries colored as specified below.
Environment
Input Validation
API Abuse
Security Features
Time and State
Error Handling
Code Quality
Encapsulation
Red highlight, visible from a distance
The CERT C Secure Coding Standard (2008) view.
Preprocessor (PRE), Signals (SIG)
Declarations and Initialization (DCL), Error Handling (ERR)
Expressions (EXP), Miscellaneous (MSC)
Integers (INT)
Floating Point (FLP)
Arrays (ARR)
Characters and Strings (STR)
Memory Management (MEM)
Input Output (FIO)
Environment (ENV), POSIX (POS)
Red highlight, visible from a distance

The Research View with the CWE Cross-section entries highlighted in red for visibility at a distance.
Research View with CWE Cross-section in Red
CWE Cross-section Entry

The Development View with the CWE Cross-section entries highlighted in red for visibility at a distance.
Development View with CWE Cross-section in Red
CWE Cross-section Entry

Software Fault Pattern (SFP) Clusters in CWE colored as specified below.
Software Fault Pattern (SFP) Clusters View in CWE
Primary SFP Cluster
Secondary SFP Cluster
Weakness
The Development View weaknesses that have defined Software Fault Pattern (SFP) entries highlighted in red for visibility at a distance.
Development View weaknesses with Software Fault Patterns (SFP) in Red
Software Fault Pattern (SFP)

The Research View weaknesses that have defined Software Fault Pattern (SFP) entries highlighted in red for visibility at a distance.
Research View weaknesses with Software Fault Patterns (SFP) in Red
Software Fault Pattern (SFP)
The 2011 CWE/SANS Top 25 entries colored as specified below.
2011 CWE/SANS Top 25
Insecure Interaction Between Components
Risky Resource Management
Porous Defenses
Weaknesses On the Cusp

The 2010 CWE/SANS Top 25 entries colored as specified below.
2010 CWE/SANS Top 25
Insecure Interaction Between Components
Risky Resource Management
Porous Defenses
Weaknesses On the Cusp

The Development View with the 2010 CWE/SANS Top 25 entries highlighted in red for visibility at a distance.
Development View with 2010 CWE/SANS Top 25 in Red
2010 CWE/SANS Top 25 Entry

The Research View with the 2010 CWE/SANS Top 25 entries highlighted in red for visibility at a distance.
Research View with 2010 CWE/SANS Top 25 in Red
2010 CWE/SANS Top 25 Entry

The 2009 CWE/SANS Top 25 entries colored as specified below.
2009 CWE/SANS Top 25
Insecure Interaction Between Components
Risky Resource Management
Porous Defenses