Weaknesses in OWASP Top Ten (2004)

A view in the Common Weakness Enumeration published by The MITRE Corporation.


Objective

Views in the Common Weakness Enumeration (CWE) represent one perspective with which to consider a set of weaknesses.

CWE nodes in this view (graph) are associated with the OWASP Top Ten, as released in 2004, and as required for compliance with PCI DSS version 1.1. This view is considered obsolete as a newer version of the OWASP Top Ten is available.

Target Audience

Educators

Since the OWASP Top Ten covers the most frequently encountered issues, this view can be used by educators as training material for students. However, the 2007 version (CWE-629) might be more appropriate.

Product Customers

This view outlines the most important issues as identified by the OWASP Top Ten, providing customers with a way of asking their software developers to follow minimum expectations for secure code, in compliance with PCI-DSS 1.1.

Software Developers

This view outlines the most important issues as identified by the OWASP Top Ten (2004 version), providing a good starting point for web application developers who want to code more securely, as well as complying with PCI DSS 1.1.

Categories

Deprecated or Obsolete

OWASP Top Ten 2004 Category A1 - Unvalidated Input

Weaknesses in this category are related to the A1 category in the OWASP Top Ten 2004.

OWASP Top Ten 2004 Category A2 - Broken Access Control

Weaknesses in this category are related to the A2 category in the OWASP Top Ten 2004.

OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management

Weaknesses in this category are related to the A3 category in the OWASP Top Ten 2004.

OWASP Top Ten 2004 Category A4 - Cross-Site Scripting (XSS) Flaws

Weaknesses in this category are related to the A4 category in the OWASP Top Ten 2004.

OWASP Top Ten 2004 Category A5 - Buffer Overflows

Weaknesses in this category are related to the A5 category in the OWASP Top Ten 2004.

OWASP Top Ten 2004 Category A6 - Injection Flaws

Weaknesses in this category are related to the A6 category in the OWASP Top Ten 2004.

OWASP Top Ten 2004 Category A7 - Improper Error Handling

Weaknesses in this category are related to the A7 category in the OWASP Top Ten 2004.

OWASP Top Ten 2004 Category A8 - Insecure Storage

Weaknesses in this category are related to the A8 category in the OWASP Top Ten 2004.

OWASP Top Ten 2004 Category A9 - Denial of Service

Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2004.

OWASP Top Ten 2004 Category A10 - Insecure Configuration Management

Weaknesses in this category are related to the A10 category in the OWASP Top Ten 2004.

See Also

  1. Top 10 2004
  2. About the PCI Data Security Standard (PCI DSS)

    PCI Security Standards Council


Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.