CWE-1348: OWASP Top Ten 2021 Category A04:2021 - Insecure Design
ID
CWE-1348
Status
Incomplete
Weaknesses in this category are related to the A04 "Insecure Design" category in the OWASP Top Ten 2021.
Relationships
| View | Weakness | ||||||
|---|---|---|---|---|---|---|---|
| # ID | Name | # ID | Name | Abstraction | Structure | Status | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-73 | External Control of File Name or Path | Base | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-183 | Permissive List of Allowed Inputs | Base | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-209 | Generation of Error Message Containing Sensitive Information | Base | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-213 | Exposure of Sensitive Information Due to Incompatible Policies | Base | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-235 | Improper Handling of Extra Parameters | Variant | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-256 | Plaintext Storage of a Password | Base | Simple | Incomplete | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-257 | Storing Passwords in a Recoverable Format | Base | Simple | Incomplete | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-266 | Incorrect Privilege Assignment | Base | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-269 | Improper Privilege Management | Class | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-280 | Improper Handling of Insufficient Permissions or Privileges | Base | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-311 | Missing Encryption of Sensitive Data | Class | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-312 | Cleartext Storage of Sensitive Information | Base | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-313 | Cleartext Storage in a File or on Disk | Variant | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-316 | Cleartext Storage of Sensitive Information in Memory | Variant | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-419 | Unprotected Primary Channel | Base | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-430 | Deployment of Wrong Handler | Base | Simple | Incomplete | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-434 | Unrestricted Upload of File with Dangerous Type | Base | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') | Base | Simple | Incomplete | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-451 | User Interface (UI) Misrepresentation of Critical Information | Class | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-472 | External Control of Assumed-Immutable Web Parameter | Base | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-501 | Trust Boundary Violation | Base | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-522 | Insufficiently Protected Credentials | Class | Simple | Incomplete | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-525 | Use of Web Browser Cache Containing Sensitive Information | Variant | Simple | Incomplete | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-539 | Use of Persistent Cookies Containing Sensitive Information | Variant | Simple | Incomplete | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-579 | J2EE Bad Practices: Non-serializable Object Stored in Session | Variant | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-598 | Use of GET Request Method With Sensitive Query Strings | Variant | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-602 | Client-Side Enforcement of Server-Side Security | Class | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-642 | External Control of Critical State Data | Class | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-646 | Reliance on File Name or Extension of Externally-Supplied File | Variant | Simple | Incomplete | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-650 | Trusting HTTP Permission Methods on the Server Side | Variant | Simple | Incomplete | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-653 | Improper Isolation or Compartmentalization | Class | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-656 | Reliance on Security Through Obscurity | Class | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-657 | Violation of Secure Design Principles | Class | Simple | Draft | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-799 | Improper Control of Interaction Frequency | Class | Simple | Incomplete | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-807 | Reliance on Untrusted Inputs in a Security Decision | Base | Simple | Incomplete | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-840 | Business Logic Errors | Incomplete | |||
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-841 | Improper Enforcement of Behavioral Workflow | Base | Simple | Incomplete | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-927 | Use of Implicit Intent for Sensitive Communication | Variant | Simple | Incomplete | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-1021 | Improper Restriction of Rendered UI Layers or Frames | Base | Simple | Incomplete | |
| CWE-1344 | Weaknesses in OWASP Top Ten (2021) | CWE-1173 | Improper Use of Validation Framework | Base | Simple | Draft | |
Loading...