SFP Secondary Cluster: Architecture

The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous meth...

The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the...

The product uses security features in a way that prevents the product's administrator from tailoring security settings to reflect the environment in which the product ...

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

A protection mechanism relies exclusively, or to a large extent, on the evaluation of a single condition or the integrity of a single object or entity in order to make...

The product uses obfuscation or encryption of inputs that should not be mutable by an external actor, but the product does not use integrity checks to detect if those ...

The product uses a protection mechanism whose strength depends heavily on its obscurity, such that knowledge of its algorithms or key data is sufficient to defeat the ...

The product uses a more complex mechanism than necessary, which could lead to resultant weaknesses when the mechanism is not correctly understood, modeled, configured,...

The product has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resis...

The product violates well-established principles for secure design.

CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs).