search

Vulnerability Categories

The vulnerabilities found in the Shop are categorized into several different classes. Most of them cover different risk or vulnerability types from well-known lists or documents, such as OWASP Top 10arrow-up-right or MITRE's Common Weakness Enumerationarrow-up-right. The following table presents a mapping of the Shop's categories to OWASP and CWE (without claiming to be complete).

hashtag
Category Mappings

Category

OWASP

CWE

Injection

A1:2017arrow-up-right

CWE-74arrow-up-right

Broken Authentication

A2:2017arrow-up-right

CWE-287arrow-up-right, CWE-352arrow-up-right

Forgotten Content

OTG-CONFIG-004arrow-up-right

Roll your own Security

A10:2017arrow-up-right

CWE-326arrow-up-right, CWE-601arrow-up-right

Sensitive Data Exposure

A3:2017arrow-up-right

CWE-200arrow-up-right, CWE-327arrow-up-right, CWE-328arrow-up-right, CWE-548arrow-up-right

XML External Entities (XXE)

A4:2017arrow-up-right

CWE-611arrow-up-right

Improper Input Validation

ASVS V5arrow-up-right

CWE-20arrow-up-right

Broken Access Control

A5:2017arrow-up-right

CWE-22arrow-up-right, CWE-285arrow-up-right, CWE-639arrow-up-right

Security Misconfiguration

A6:2017arrow-up-right

CWE-209arrow-up-right

Cross Site Scripting (XSS)

A7:2017arrow-up-right

CWE-79arrow-up-right

Insecure Deserialization

A8:2017arrow-up-right

CWE-502arrow-up-right

Vulnerable Components

A9:2017arrow-up-right

Security through Obscurity

CWE-656arrow-up-right

PreviousHacking preparationsNextHacking exercise rules

Last updated