OWASP Top 10 - 2017

| OWASP Category | CWE ID | Parasoft Rule ID |
|---|---|---|
| A1 Injection | CWE-77: Command Injection | BD.SECURITY.TDCMD |
| A1 Injection | CWE-89: SQL Injection | SECURITY.IBA.UPS, BD.SECURITY.TDSQL |
| A2 Broken Authentication | CWE-384: Session Fixation | SECURITY.WSC.ISL |
| A3 Sensitive Data Exposure | CWE-311: Missing Encryption of Sensitive Data | SECURITY.ESD.CONSEN, SECURITY.ESD.PEO, SECURITY.UEC.HTTPS, SECURITY.WSC.USC |
| A3 Sensitive Data Exposure | CWE-312: Cleartext Storage of Sensitive Information | SECURITY.UEC.PWDPROP |
| A3 Sensitive Data Exposure | CWE-319: Cleartext Transmission of Sensitive Information | BD.SECURITY.TDSQL, PORT.HCNA |
| A3 Sensitive Data Exposure | CWE-321: Use of Hard-coded Cryptographic Key | SECURITY.WSC.HCCK |
| A3 Sensitive Data Exposure | CWE-326: Weak Encryption | SECURITY.WSC.ICA |
| A3 Sensitive Data Exposure | CWE-327: Use of a Broken or Risky Cryptographic Algorithm | SECURITY.WSC.ICA, SECURITY.WSC.SRD |
| A3 Sensitive Data Exposure | CWE-328: Reversible One-Way Hash | SECURITY.WSC.ICA |
| A3 Sensitive Data Exposure | CWE-329: Not Using a Random IV with CBC Mode | SECURITY.WSC.ENPP, SECURITY.WSC.IVR |
| A3 Sensitive Data Exposure | CWE-347: Improper Verification of Cryptographic Signature | SECURITY.WSC.VJFS |
| A3 Sensitive Data Exposure | CWE-359: Exposure of Private Information (Privacy Violation) | SECURITY.ESD.CONSEN |
| A5 Broken Access Control | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | BD.SECURITY.TDFNAMES |
| A5 Broken Access Control | CWE-284: Improper Access Control (Authorization) | EJB.DPANY |
| A6 Security Misconfiguration | CWE-5: J2EE Misconfiguration: Data Transmission Without Encryption | PROPS.PLAIN |
| A6 Security Misconfiguration | CWE-6: J2EE Misconfiguration: Insufficient Session-ID Length | SECURITY.UEC.SLID |
| A6 Security Misconfiguration | CWE-7: J2EE Misconfiguration: Missing Custom Error Page | SECURITY.UEC.SEP |
| A6 Security Misconfiguration | CWE-8: J2EE Misconfiguration: Entity Bean Declared Remote | EJB.RR |
| A6 Security Misconfiguration | CWE-9: J2EE Misconfiguration: Weak Access Permissions for EJB Methods | EJB.DPANY |
| A6 Security Misconfiguration | CWE-555: J2EE Misconfiguration: Plaintext Password in Configuration File | HIBERNATE.UPWD, SECURITY.UEC.PWDXML |
| A6 Security Misconfiguration | CWE-391: Unchecked Error Condition | PB.TYPO.AECB |
| A6 Security Misconfiguration | CWE-395: Use of NullPointerException Catch to Detect NULL Pointer Dereference | EXCEPT.NCNPE |
| A6 Security Misconfiguration | CWE-396: Declaration of Catch for Generic Exception | CODSTA.EPC.NCE |
| A6 Security Misconfiguration | CWE-397: Declaration of Throws for Generic Exception | CODSTA.BP.NTX, EXCEPT.NTERR |
| A7 Cross-Site Scripting (XSS) | CWE-79: Improper neutralization of user supplied input | SECURITY.IBA.CDBV, BD.SECURITY.TDRESP, BD.SECURITY.TDXSS |
| A8 Insecure Deserialization | CWE-502: Deserialization of Untrusted Data | SERIAL.RWAF, BD.SECURITY.SSSD, PB.API.MASP, SECURITY.WSC.DSER |
| A10 Insufficient Logging and Monitoring | CWE-778: Insufficient Logging | SECURITY.BV.ENFL |