Vulnerability Categories

The vulnerabilities found in the OWASP Juice Shop are categorized into several different classes. Most of them correspond to risk or vulnerability types from well-known lists or documents, such as the OWASP Top 10, the OWASP API Security Top 10, or MITRE's Common Weakness Enumeration (CWE). The following table maps the Juice Shop's categories to OWASP and CWE identifiers (without claiming to be complete).

Category breakdown

Category Mappings

| Category                        | OWASP                                                     | CWE                                    |
|---------------------------------|-----------------------------------------------------------|----------------------------------------|
| Broken Access Control           | A5:2017, API1:2019, API5:2019                             | CWE-22, CWE-285, CWE-639               |
| Broken Anti-Automation          | OWASP-AT-004, API4:2019, OWASP-AT-010                     | CWE-362                                |
| Broken Authentication           | A2:2017, API2:2019                                        | CWE-287, CWE-352                       |
| Cross Site Scripting (XSS)      | A7:2017                                                   | CWE-79                                 |
| Cryptographic Issues            | A3:2017                                                   | CWE-326, CWE-327, CWE-328, CWE-950     |
| Improper Input Validation       | ASVS V5, API6:2019                                        | CWE-20                                 |
| Injection                       | A1:2017, API8:2019                                        | CWE-74                                 |
| Insecure Deserialization        | A8:2017                                                   | CWE-502                                |
| Miscellaneous                   | -                                                         | -                                      |
| Security Misconfiguration       | A6:2017, A10:2017, API7:2019, API9:2019, API10:2019       | CWE-209                                |
| Security through Obscurity      | -                                                         | CWE-656                                |
| Sensitive Data Exposure         | A3:2017, API3:2019, OTG-CONFIG-004                        | CWE-200, CWE-530, CWE-548              |
| Unvalidated Redirects           | A10:2013                                                  | CWE-601                                |
| Vulnerable Components           | A9:2017                                                   | CWE-829, CWE-506                       |
| XML External Entities (XXE)     | A4:2017                                                   | CWE-611                                |
