View: Weaknesses in OWASP Top Ten (2013)

Obsolete

Type: Graph

Objective

CWE nodes in this view (graph) are associated with the OWASP Top Ten, as released in 2013. This view is considered obsolete as a newer version of the OWASP Top Ten is available.

Audience

Type	Description
Software Developers	This view outlines the most important issues as identified by the OWASP Top Ten (2013 version), providing a good starting point for web application developers who want to code more securely.
Product Customers	This view outlines the most important issues as identified by the OWASP Top Ten (2013 version), providing customers with a way of asking their software developers to follow minimum expectations for secure code.
Educators	Since the OWASP Top Ten covers the most frequently encountered issues, this view can be used by educators as training material for students.

Relationships

Weaknesses in OWASP Top Ten (2013)- (CWE-928)

OWASP Top Ten 2013 Category A1 - Injection- (CWE-929)

OWASP Top Ten 2013 Category A2 - Broken Authentication and Session Management- (CWE-930)

OWASP Top Ten 2013 Category A3 - Cross-Site Scripting (XSS)- (CWE-931)

OWASP Top Ten 2013 Category A4 - Insecure Direct Object References- (CWE-932)

OWASP Top Ten 2013 Category A5 - Security Misconfiguration- (CWE-933)

OWASP Top Ten 2013 Category A6 - Sensitive Data Exposure- (CWE-934)

OWASP Top Ten 2013 Category A7 - Missing Function Level Access Control- (CWE-935)

OWASP Top Ten 2013 Category A8 - Cross-Site Request Forgery (CSRF)- (CWE-936)

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities- (CWE-937)

OWASP Top Ten 2013 Category A10 - Unvalidated Redirects and Forwards- (CWE-938)

Mapping Notes

Usage: Prohibited

Reasons: View

Rationale:

This entry is a View. Views are not weaknesses and therefore inappropriate to describe the root causes of vulnerabilities.

Comment:

Use this View or other Views to search and navigate for the appropriate weakness.