Please enable JavaScript.
Coggle requires JavaScript to display documents.
OWASP TOP 10 - Coggle Diagram
-
OWASP TOP 10
-
-
A03:2021 – Injection
OWASP Proactive Controls: Secure Database Access
OWASP ASVS: V5 Input Validation and Encoding
OWASP Testing Guide: SQL Injection, Command Injection, and ORM Injection
OWASP Cheat Sheet: Injection Prevention
OWASP Cheat Sheet: SQL Injection Prevention
OWASP Cheat Sheet: Injection Prevention in Java
OWASP Cheat Sheet: Query Parameterization
OWASP Automated Threats to Web Applications – OAT-014
PortSwigger: Server-side template injection
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CWE-83 Improper Neutralization of Script in Attributes in a Web Page
CWE-87 Improper Neutralization of Alternate XSS Syntax
CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
CWE-91 XML Injection (aka Blind XPath Injection)
CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')
CWE-94 Improper Control of Generation of Code ('Code Injection')
CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CWE-96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-97 Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CWE-99 Improper Control of Resource Identifiers ('Resource Injection')
CWE-100 Deprecated: Was catch-all for input validation issues
CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CWE-116 Improper Encoding or Escaping of Output
CWE-138 Improper Neutralization of Special Elements
CWE-184 Incomplete List of Disallowed Inputs
CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
CWE-471 Modification of Assumed-Immutable Data (MAID)
CWE-564 SQL Injection: Hibernate
CWE-610 Externally Controlled Reference to a Resource in Another Sphere
CWE-643 Improper Neutralization of Data within XPath Expressions ('XPath Injection')
CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax
CWE-652 Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')
CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
-
-
-
-
-
-
-