Vulnerability Categories

The vulnerabilities found in the Shop are categorized into several different classes. Most of them cover different risk or vulnerability types from well-known lists or documents, such as OWASP Top 10 or MITRE's Common Weakness Enumeration. The following table presents a mapping of the Shop's categories to OWASP and CWE (without claiming to be complete).

Category Mappings

Category

OWASP

CWE

Injection

A1:2017

CWE-74

Broken Authentication

A2:2017

CWE-287, CWE-352

Forgotten Content

OTG-CONFIG-004

Roll your own Security

A10:2017

CWE-326, CWE-601

Sensitive Data Exposure

A3:2017

CWE-200, CWE-327, CWE-328, CWE-548

XML External Entities (XXE)

A4:2017

CWE-611

Improper Input Validation

ASVS V5

CWE-20

Broken Access Control

A5:2017

CWE-22, CWE-285, CWE-639

Security Misconfiguration

A6:2017

CWE-209

Cross Site Scripting (XSS)

A7:2017

CWE-79

Insecure Deserialization

A8:2017

CWE-502

Vulnerable Components

A9:2017

Security through Obscurity

CWE-656

PreviousHacking preparationsNextHacking exercise rules

Last updated