This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Category:Vulnerability"
| Line 1: | Line 1: | ||
'''Application Security Vulnerability Types''' | '''Application Security Vulnerability Types''' | ||
| − | This category is for common types of software vulnerabilities, both design flaws and implementation bugs. | + | This category is for common types of software vulnerabilities, both design flaws and implementation bugs. A vulnerability is an implementation problem that allows an attacker to cause harm to the stakeholders of an application. Stakeholders include the application owner, application users, and other entities that rely on the application. The term "vulnerability" is often used very loosely. However, here we need to distinguish [[:Category:Threat|threats]], [[:Category:Attack|attacks]], and [[:Category:Countermeasure|countermeasures]]. |
Please '''do not post any actual vulnerabilities''' in products, services, or web applications. Those disclosure reports should be posted to bugtraq or full-disclosure mailing lists. | Please '''do not post any actual vulnerabilities''' in products, services, or web applications. Those disclosure reports should be posted to bugtraq or full-disclosure mailing lists. | ||
| + | |||
| + | ==Adding a Vulnerability== | ||
| + | |||
| + | Please, before you add a vulnerability, please search and make sure there isn't an equivalent one already. You may want to consider creating a redirect if the topic is the same. Every vulnerability article has a defined structure. Please read the details of [[How To Add a Vulnerability]] before creating a new article. | ||
{{Template:PutInCategory}} | {{Template:PutInCategory}} | ||
==Vulnerabilities== | ==Vulnerabilities== | ||
| − | |||
| − | |||
For a great overview, check out the [[OWASP Top Ten Project]]. You can read about the top vulnerabilities and download a paper that covers them in detail. Many organizations and agencies use the Top Ten as a way of creating awareness about application security. | For a great overview, check out the [[OWASP Top Ten Project]]. You can read about the top vulnerabilities and download a paper that covers them in detail. Many organizations and agencies use the Top Ten as a way of creating awareness about application security. | ||
| − | |||
| − | |||
[[Category:Article Type]] | [[Category:Article Type]] | ||
Revision as of 16:30, 1 June 2006
Application Security Vulnerability Types
This category is for common types of software vulnerabilities, both design flaws and implementation bugs. A vulnerability is an implementation problem that allows an attacker to cause harm to the stakeholders of an application. Stakeholders include the application owner, application users, and other entities that rely on the application. The term "vulnerability" is often used very loosely. However, here we need to distinguish threats, attacks, and countermeasures.
Please do not post any actual vulnerabilities in products, services, or web applications. Those disclosure reports should be posted to bugtraq or full-disclosure mailing lists.
Adding a Vulnerability
Please, before you add a vulnerability, please search and make sure there isn't an equivalent one already. You may want to consider creating a redirect if the topic is the same. Every vulnerability article has a defined structure. Please read the details of How To Add a Vulnerability before creating a new article.
How to add a new Vulnerability article
You can follow the instructions to make a new Vulnerability article. Please use the appropriate structure and follow the Tutorial. Be sure to paste the following at the end of your article to make it show up in the Vulnerability category:
[[Category:Vulnerability]]
Vulnerabilities
For a great overview, check out the OWASP Top Ten Project. You can read about the top vulnerabilities and download a paper that covers them in detail. Many organizations and agencies use the Top Ten as a way of creating awareness about application security.
Subcategories
This category has the following 20 subcategories, out of 20 total.
A
C
E
G
I
L
P
S
U
Pages in category "Vulnerability"
The following 63 pages are in this category, out of 63 total.
C
I
P
U
- Unchecked Error Condition
- Unchecked Return Value: Missing Check against Null
- Undefined Behavior
- Unreleased Resource
- Unrestricted File Upload
- Unsafe function call from a signal handler
- Unsafe JNI
- Unsafe Mobile Code
- Unsafe use of Reflection
- Use of hard-coded password
- Use of Obsolete Methods
- Using a broken or risky cryptographic algorithm
- Using freed memory
