OWASP Category | CWE ID | Parasoft Rule ID |
---|---|---|
A1 Injection | CWE-77: Command Injection | |
A1 Injection | CWE-89: SQL Injection | SECURITY.IBA.UPS, BD.SECURITY.TDSQL |
A2 Broken Authentication | CWE-384: Session Fixation | |
A3 Sensitive Data Exposure | CWE-311: Missing Encryption of Sensitive Data | SECURITY.ESD.CONSEN, SECURITY.ESD.PEO, SECURITY.UEC.HTTPS, SECURITY.WSC.USC |
A3 Sensitive Data Exposure | CWE-312: Cleartext Storage of Sensitive Information | |
A3 Sensitive Data Exposure | CWE-319: Cleartext Transmission of Sensitive Information | BD.SECURITY.TDSQL, PORT.HCNA |
A3 Sensitive Data Exposure | CWE-321: Use of Hard-coded Cryptographic Key | |
A3 Sensitive Data Exposure | CWE-326: Weak Encryption | |
A3 Sensitive Data Exposure | CWE-327: Use of a Broken or Risky Cryptographic Algorithm | SECURITY.WSC.ICA, SECURITY.WSC.SRD |
A3 Sensitive Data Exposure | CWE-328: Reversible One-Way Hash | |
A3 Sensitive Data Exposure | CWE-329: Not Using a Random IV with CBC Mode | SECURITY.WSC.ENPP, SECURITY.WSC.IVR |
A3 Sensitive Data Exposure | CWE-347: Improper Verification of Cryptographic Signature | |
A3 Sensitive Data Exposure | CWE-359: Exposure of Private Information (Privacy Violation) | |
A5 Broken Access Control | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | |
A5 Broken Access Control | CWE-284: Improper Access Control (Authorization) | |
A6 Security Misconfiguration | CWE-5: J2EE Misconfiguration: Data Transmission Without Encryption | |
A6 Security Misconfiguration | CWE-6: J2EE Misconfiguration: Insufficient Session-ID Length | |
A6 Security Misconfiguration | CWE-7: J2EE Misconfiguration: Missing Custom Error Page | |
A6 Security Misconfiguration | CWE-8: J2EE Misconfiguration: Entity Bean Declared Remote | |
A6 Security Misconfiguration | CWE-9: J2EE Misconfiguration: Weak Access Permissions for EJB Methods | |
A6 Security Misconfiguration | CWE-555: J2EE Misconfiguration: Plaintext Password in Configuration File | HIBERNATE.UPWD, SECURITY.UEC.PWDXML |
A6 Security Misconfiguration | CWE-391: Unchecked Error Condition | |
A6 Security Misconfiguration | CWE-395: Use of NullPointerException Catch to Detect NULL Pointer Dereference | |
A6 Security Misconfiguration | CWE-396: Declaration of Catch for Generic Exception | |
A6 Security Misconfiguration | CWE-397: Declaration of Throws for Generic Exception | CODSTA.BP.NTX, EXCEPT.NTERR |
A7 Cross-Site Scripting (XSS) | CWE-79: Improper neutralization of user supplied input | SECURITY.IBA.CDBV, BD.SECURITY.TDRESP, BD.SECURITY.TDXSS |
A8 Insecure Deserialization | CWE-502: Deserialization of Untrusted Data | SERIAL.RWAF, BD.SECURITY.SSSD, PB.API.MASP, SECURITY.WSC.DSER |
A10 Insufficient Logging & Monitoring | CWE-778: Insufficient Logging | |