Vulnerability Categories

The vulnerabilities found in the OWASP Juice Shop are categorized into several different classes. Most of them cover different risk or vulnerability types from well-known lists or documents, such as OWASP Top 10 or MITRE's Common Weakness Enumeration. The following table presents a mapping of the Juice Shop's categories to OWASP and CWE (without claiming to be complete).

Category breakdown

Category Mappings

| Category | OWASP | CWE |
|----------|-------|-----|
| Broken Access Control | A5:2017 | CWE-22, CWE-285, CWE-639 |
| Broken Anti-Automation | OWASP-AT-004, OWASP-AT-010 | CWE-362 |
| Broken Authentication | A2:2017 | CWE-287, CWE-352 |
| Cross Site Scripting (XSS) | A7:2017 | CWE-79 |
| Cryptographic Issues | A3:2017 | CWE-326, CWE-327, CWE-328, CWE-950 |
| Improper Input Validation | ASVS V5 | CWE-20 |
| Injection | A1:2017 | CWE-74 |
| Insecure Deserialization | A8:2017 | CWE-502 |
| Miscellaneous | - | - |
| Security Misconfiguration | A6:2017, A10:2017 | CWE-209 |
| Security through Obscurity | - | CWE-656 |
| Sensitive Data Exposure | A3:2017, OTG-CONFIG-004 | CWE-200, CWE-530, CWE-548 |
| Unvalidated Redirects | A10:2013 | CWE-601 |
| Vulnerable Components | A9:2017 | CWE-829 |
| XML External Entities (XXE) | A4:2017 | CWE-611 |
