Untitled

a guest
Nov 8th, 2019
Account Hijacking
Allocation of Resources Without Limits or Throttling - CWE-770
Array Index Underflow - CWE-129
Authentication Bypass Using an Alternate Path or Channel - CWE-288
Brute Force - CWE-307
Buffer Over-read - CWE-126
Buffer Underflow - CWE-124
Buffer Under-read - CWE-127
Business Logic Errors - CWE-840
Classic Buffer Overflow - CWE-120
Cleartext Storage of Sensitive Information - CWE-312
Cleartext Transmission of Sensitive Information - CWE-319
Client-Side Enforcement of Server-Side Security - CWE-602
Code Injection - CWE-94
Command Injection - Generic - CWE-77
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') - CWE-362
CRLF Injection - CWE-93
Cross-Site Request Forgery (CSRF) - CWE-352
Cross-site Scripting (XSS) - DOM - CWE-79
Cross-site Scripting (XSS) - Generic - CWE-79
Cross-site Scripting (XSS) - Reflected - CWE-79
Cross-site Scripting (XSS) - Stored - CWE-79
Cryptographic Issues - Generic - CWE-310
Denial of Service - CWE-400
Deserialization of Untrusted Data - CWE-502
Double Free - CWE-415
Download of Code Without Integrity Check - CWE-494
Embedded Malicious Code - CWE-506
Execution with Unnecessary Privileges - CWE-250
Exposed Dangerous Method or Function - CWE-749
External Control of Critical State Data - CWE-642
Externally Controlled Reference to a Resource in Another Sphere - CWE-610
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) - CWE-75
File and Directory Information Exposure - CWE-538
Forced Browsing - CWE-425
Fraud
Heap Overflow - CWE-122
HTTP Request Smuggling - CWE-444
HTTP Response Splitting - CWE-113
Improper Access Control - Generic - CWE-284
Improper Authentication
Improper Authentication - Generic - CWE-287
Improper Authorization - CWE-285
Improper Certificate Validation - CWE-295
Improper Check or Handling of Exceptional Conditions - CWE-703
Improper Export of Android Application Components - CWE-926
Improper Following of a Certificate's Chain of Trust - CWE-296
Improper Handling of Highly Compressed Data (Data Amplification) - CWE-409
Improper Handling of Insufficient Permissions or Privileges - CWE-280
Improper Handling of URL Encoding (Hex Encoding) - CWE-177
Improper Input Validation - CWE-20
Improper Neutralization of Escape, Meta, or Control Sequences - CWE-150
Improper Neutralization of HTTP Headers for Scripting Syntax - CWE-644
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - CWE-80
Improper Null Termination - CWE-170
Improper Privilege Management - CWE-269
Inadequate Encryption Strength - CWE-326
Inclusion of Functionality from Untrusted Control Sphere - CWE-829
Incomplete Blacklist - CWE-184
Incorrect Authorization - CWE-863
Incorrect Calculation of Buffer Size - CWE-131
Incorrect Comparison - CWE-697
Incorrect Permission Assignment for Critical Resource - CWE-732
Information Disclosure - CWE-200
Information Exposure Through an Error Message - CWE-209
Information Exposure Through Debug Information - CWE-215
Information Exposure Through Directory Listing - CWE-548
Information Exposure Through Discrepancy - CWE-203
Information Exposure Through Sent Data - CWE-201
Information Exposure Through Timing Discrepancy - CWE-208
Insecure Direct Object Reference (IDOR) - CWE-639
Insecure Storage of Sensitive Information - CWE-922
Insecure Temporary File - CWE-377
Insufficient Session Expiration - CWE-613
Insufficiently Protected Credentials - CWE-522
Integer Overflow - CWE-190
Integer Underflow - CWE-191
Key Exchange without Entity Authentication - CWE-322
LDAP Injection - CWE-90
Leftover Debug Code (Backdoor) - CWE-489
Malware - CAPEC-549
Man-in-the-Middle - CWE-300
Memory Corruption - Generic - CWE-119
Misconfiguration - CWE-16
Missing Authentication for Critical Function - CWE-306
Missing Authorization - CWE-862
Missing Encryption of Sensitive Data - CWE-311
Missing Required Cryptographic Step - CWE-325
Modification of Assumed-Immutable Data (MAID) - CWE-471
NULL Pointer Dereference - CWE-476
Off-by-one Error - CWE-193
Open Redirect - CWE-601
OS Command Injection - CWE-78
Out-of-bounds Read - CWE-125
Password in Configuration File - CWE-260
Path Traversal - CWE-22
Path Traversal - CWE-35
Phishing - CAPEC-98
Plaintext Storage of a Password - CWE-256
Privacy Violation - CWE-359
Privilege Escalation - CAPEC-233
Relative Path Traversal - CWE-23
Reliance on Cookies without Validation and Integrity Checking in a Security Decision - CWE-784
Reliance on Reverse DNS Resolution for a Security-Critical Action - CWE-350
Reliance on Untrusted Inputs in a Security Decision - CWE-807
Remote File Inclusion - CWE-98
Replicating Malicious Code (Virus or Worm) - CWE-509
Resource Injection - CWE-99
Reusing a Nonce, Key Pair in Encryption - CWE-323
Reversible One-Way Hash - CWE-328
Scams
Security Through Obscurity - CWE-656
Server-Side Request Forgery (SSRF) - CWE-918
Session Fixation - CWE-384
Spam
SQL Injection - CWE-89
Stack Overflow - CWE-121
Storing Passwords in a Recoverable Format - CWE-257
Time-of-check Time-of-use (TOCTOU) Race Condition - CWE-367
Trust of System Event Data - CWE-360
Type Confusion - CWE-843
UI Redressing (Clickjacking) - CAPEC-103
Unchecked Error Condition - CWE-391
Uncontrolled Recursion - CWE-674
Unprotected Transport of Credentials - CWE-523
Unrestricted Upload of File with Dangerous Type - CWE-434
Untrusted Search Path - CWE-426
Unverified Password Change - CWE-620
Use After Free - CWE-416
Use of a Broken or Risky Cryptographic Algorithm - CWE-327
Use of a Key Past its Expiration Date - CWE-324
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) - CWE-338
Use of Externally-Controlled Format String - CWE-134
Use of Hard-coded Credentials - CWE-798
Use of Hard-coded Cryptographic Key - CWE-321
Use of Hard-coded Password - CWE-259
Use of Inherently Dangerous Function - CWE-242
Use of Insufficiently Random Values - CWE-330
User Interface (UI) Misrepresentation of Critical Information - CWE-451
Violation of Secure Design Principles - CWE-657
Weak Cryptography for Passwords - CWE-261
Weak Password Recovery Mechanism for Forgotten Password - CWE-640
Wrap-around Error - CWE-128
Write-what-where Condition - CWE-123
XML Entity Expansion - CWE-776
XML External Entities (XXE) - CWE-611
XML Injection - CWE-91
XSS - Reflected
XSS Using MIME Type Mismatch - CAPEC-209
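A list like this is usually pasted so it can be turned into a name-to-identifier lookup for tagging reports or findings. Before it is used that way it is worth knowing where it is inconsistent: some entries carry a CWE identifier, some a CAPEC identifier, some none at all; several names share one identifier (the four XSS variants are all CWE-79); one name maps to two identifiers (Path Traversal appears with CWE-22 and CWE-35); and a row can occur twice. The following is an added example, not part of the paste above: it parses entries in the "Name - CWE-NNN" form and reports each of those cases. The sample input is a constructed excerpt of the list, chosen so that every check has something to find; the full list can be fed in unchanged.

```python
"""Parse a weakness taxonomy list ("Name - CWE-NNN" / "Name - CAPEC-NNN" / "Name")
and audit it before using it as a lookup table. Added example; not from the paste."""
import re
from collections import defaultdict

# Constructed sample: a dozen rows copied from the list above, including a
# duplicated pair, the "Denial of Service- CWE-400" spacing quirk, a CAPEC
# entry, two entries with no identifier, and the Path Traversal pair.
SAMPLE_LIST = """\
Account Hijacking
Cross-site Scripting (XSS) - DOM - CWE-79
Cross-site Scripting (XSS) - Generic - CWE-79
Cross-site Scripting (XSS) - Reflected - CWE-79
Denial of Service- CWE-400
Improper Export of Android Application Components - CWE-926
Improper Following of a Certificate's Chain of Trust - CWE-296
Improper Export of Android Application Components - CWE-926
Improper Following of a Certificate's Chain of Trust - CWE-296
Malware - CAPEC-549
Path Traversal - CWE-22
Path Traversal - CWE-35
XSS - Reflected
"""

# Identifier at the end of the line. The " - " separator is optional so that a
# row with a missing space (e.g. "Denial of Service- CWE-400") still parses.
_ID_RE = re.compile(r"^(?P<name>.*?)\s*-?\s*(?P<scheme>CWE|CAPEC)-(?P<num>\d+)\s*$")


def parse_entry(line):
    """Return (name, scheme, number); scheme and number are None when the row has no ID."""
    line = line.strip()
    m = _ID_RE.match(line)
    if not m:
        return line, None, None
    return m.group("name").strip(), m.group("scheme"), int(m.group("num"))


def parse_list(text):
    """Parse every non-empty line, preserving order."""
    return [parse_entry(line) for line in text.splitlines() if line.strip()]


def audit(entries):
    """Find exact duplicate rows, rows without an identifier, identifiers shared by
    several names, and names that map to more than one identifier."""
    seen, duplicates, unmapped = set(), [], []
    by_id, by_name = defaultdict(list), defaultdict(list)
    for name, scheme, num in entries:
        key = (name, scheme, num)
        if key in seen:
            duplicates.append(key)
            continue
        seen.add(key)
        if scheme is None:
            unmapped.append(name)
            continue
        ident = f"{scheme}-{num}"
        by_id[ident].append(name)
        by_name[name].append(ident)
    return {
        "duplicates": duplicates,
        "unmapped": unmapped,
        "shared": {i: names for i, names in by_id.items() if len(names) > 1},
        "ambiguous": {n: ids for n, ids in by_name.items() if len(ids) > 1},
    }


def lookup_table(entries):
    """Map each name to the list of identifiers it carries (empty when it has none).
    A list, not a single value, because the same name can appear with two IDs."""
    table = {}
    for name, scheme, num in entries:
        ids = table.setdefault(name, [])
        if scheme is not None:
            ident = f"{scheme}-{num}"
            if ident not in ids:
                ids.append(ident)
    return table


if __name__ == "__main__":
    entries = parse_list(SAMPLE_LIST)
    report = audit(entries)
    print("duplicate rows:", len(report["duplicates"]))
    print("no identifier:", report["unmapped"])
    print("shared identifiers:", report["shared"])
    print("names with several identifiers:", report["ambiguous"])
```

Run against the whole list, the audit is what tells you that a flat name-to-CWE dictionary would silently lose one of the two Path Traversal identifiers and that the CAPEC and identifier-less rows need a separate policy (for example, mapping "Privilege Escalation" onto the CWE of the underlying weakness in each report rather than onto CAPEC-233).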