
This section includes rule mapping for the CWE standard. The mapping information for other standards is available in the PDF rule mapping files shipped with Compliance Packs.

CWE Top 25 2023 Mapping

| CWE ID  | CWE Name                                                                                            | Parasoft rule ID(s)                                                                                                                          |
|---------|-----------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------|
| CWE-787 | Out-of-bounds Write                                                                                 | CWE-787-a, CWE-787-b, CWE-787-c, CWE-787-d, CWE-787-e, CWE-787-f, CWE-787-g, CWE-787-h, CWE-787-i                                            |
| CWE-79  | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')                | N/A                                                                                                                                          |
| CWE-89  | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')                | CWE-89-a                                                                                                                                     |
| CWE-416 | Use After Free                                                                                      | CWE-416-a, CWE-416-b, CWE-416-c                                                                                                              |
| CWE-78  | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')          | CWE-78-a                                                                                                                                     |
| CWE-20  | Improper Input Validation                                                                           | CWE-20-a, CWE-20-b, CWE-20-c, CWE-20-d, CWE-20-e, CWE-20-f, CWE-20-g, CWE-20-h, CWE-20-i, CWE-20-j                                           |
| CWE-125 | Out-of-bounds Read                                                                                  | CWE-125-a, CWE-125-b, CWE-125-c, CWE-125-d, CWE-125-e, CWE-125-f                                                                             |
| CWE-22  | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')                      | CWE-22-a                                                                                                                                     |
| CWE-352 | Cross-Site Request Forgery (CSRF)                                                                   | N/A                                                                                                                                          |
| CWE-434 | Unrestricted Upload of File with Dangerous Type                                                     | N/A                                                                                                                                          |
| CWE-862 | Missing Authorization                                                                               | N/A                                                                                                                                          |
| CWE-476 | NULL Pointer Dereference                                                                            | CWE-476-a                                                                                                                                    |
| CWE-287 | Improper Authentication                                                                             | CWE-287-a                                                                                                                                    |
| CWE-190 | Integer Overflow or Wraparound                                                                      | CWE-190-a, CWE-190-b, CWE-190-c, CWE-190-d, CWE-190-e, CWE-190-f, CWE-190-g, CWE-190-h, CWE-190-i, CWE-190-j, CWE-190-k                      |
| CWE-502 | Deserialization of Untrusted Data                                                                   | N/A                                                                                                                                          |
| CWE-77  | Improper Neutralization of Special Elements used in a Command ('Command Injection')                 | CWE-77-a                                                                                                                                     |
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer                             | CWE-119-a, CWE-119-b, CWE-119-c, CWE-119-d, CWE-119-e, CWE-119-f, CWE-119-g, CWE-119-h, CWE-119-i, CWE-119-j, CWE-119-k, CWE-119-l           |
| CWE-798 | Use of Hard-coded Credentials                                                                       | CWE-798-a                                                                                                                                    |
| CWE-918 | Server-Side Request Forgery (SSRF)                                                                  | N/A                                                                                                                                          |
| CWE-306 | Missing Authentication for Critical Function                                                        | N/A                                                                                                                                          |
| CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')         | CWE-362-a, CWE-362-b, CWE-362-c, CWE-362-d, CWE-362-e                                                                                        |
| CWE-269 | Improper Privilege Management                                                                       | CWE-269-a, CWE-269-b                                                                                                                         |
| CWE-94  | Improper Control of Generation of Code ('Code Injection')                                           | N/A                                                                                                                                          |
| CWE-863 | Incorrect Authorization                                                                             | CWE-863-a                                                                                                                                    |
| CWE-276 | Incorrect Default Permissions                                                                       | N/A                                                                                                                                          |

CWE Weaknesses On the Cusp 2023 Mapping