Vulnerability Categories

The vulnerabilities found in the OWASP Juice Shop are categorized into several different classes. Most of them cover different risk or vulnerability types from well-known lists or documents, such as OWASP Top 10 or MITRE's Common Weakness Enumeration. The following table presents a mapping of the Juice Shop's categories to OWASP and CWE (without claiming to be complete).

Category breakdown

Category Mappings

| Category | OWASP | CWE |
|---|---|---|
| Injection | A1:2017 | CWE-74 |
| Broken Authentication | A2:2017 | CWE-287, CWE-352 |
| Forgotten Content | OTG-CONFIG-004 | |
| Roll your own Security | A10:2017 | CWE-326, CWE-601 |
| Sensitive Data Exposure | A3:2017 | CWE-200, CWE-327, CWE-328, CWE-548 |
| XML External Entities (XXE) | A4:2017 | CWE-611 |
| Improper Input Validation | ASVS V5 | CWE-20 |
| Broken Access Control | A5:2017 | CWE-22, CWE-285, CWE-639 |
| Security Misconfiguration | A6:2017 | CWE-209 |
| Cross Site Scripting (XSS) | A7:2017 | CWE-79 |
| Insecure Deserialization | A8:2017 | CWE-502 |
| Vulnerable Components | A9:2017 | |
| Security through Obscurity | | CWE-656 |
| Race Condition | OWASP-AT-010 | CWE-362 |
