OWASP Top 10 - 2017

OWASP CategoryCWE IDParasoft Rule IDs
A1 InjectionCWE-77: Command Injection
  • BD-SECURITY-TDCMD
A1 InjectionCWE-89: SQL Injection
  • BD-SECURITY-TDSQL
A3 Sensitive Data ExposureCWE-326: Weak Encryption
  • SECURITY-37
A3 Sensitive Data ExposureCWE-327: Use of a Broken or Risky Cryptographic Algorithm
  • SECURITY-02
  • SECURITY-28
  • SECURITY-37
A5 Broken Access ControlCWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • BD-SECURITY-TDFNAMES
A6 Security MisconfigurationCWE-391: Unchecked Error Condition
  • BD-PB-ERRNO
A6 Security MisconfigurationCWE-396: Declaration of Catch for Generic Exception
  • EXCEPT-17
A10 Insufficient Logging & MonitoringCWE-223: Omission of Security-relevant Information

  • SECURITY-14
  • SECURITY-15