{
"metadata": {
"default": null
},
"content": [
{
"id": "ai_application_security",
"cwe": null
},
{
"id": "algorithmic_biases",
"cwe": null,
"children": [
{
"id": "aggregation_bias",
"cwe": null
},
{
"id": "processing_bias",
"cwe": null
}
]
},
{
"id": "application_level_denial_of_service_dos",
"cwe": [
"CWE-400"
]
},
{
"id": "automotive_security_misconfiguration",
"cwe": null,
"children": [
{
"id": "abs",
"cwe": null
},
{
"id": "battery_management_system",
"cwe": null
},
{
"id": "can",
"cwe": null
},
{
"id": "gnss_gps",
"cwe": null
},
{
"id": "immobilizer",
"cwe": null
},
{
"id": "infotainment_radio_head_unit",
"cwe": null
},
{
"id": "rf_hub",
"cwe": null
},
{
"id": "rsu",
"cwe": null
}
]
},
{
"id": "blockchain_infrastructure_misconfiguration",
"cwe": null
},
{
"id": "broken_access_control",
"cwe": [
"CWE-723"
],
"children": [
{
"id": "exposed_sensitive_android_intent",
"cwe": [
"CWE-927"
]
},
{
"id": "exposed_sensitive_ios_url_scheme",
"cwe": [
"CWE-939"
]
},
{
"id": "idor",
"cwe": [
"CWE-932"
]
},
{
"id": "privilege_escalation",
"cwe": [
"CWE-269"
]
},
{
"id": "username_enumeration",
"cwe": [
"CWE-200"
]
}
]
},
{
"id": "broken_authentication_and_session_management",
"cwe": [
"CWE-930"
],
"children": [
{
"id": "authentication_bypass",
"cwe": [
"CWE-287"
]
},
{
"id": "cleartext_transmission_of_session_token",
"cwe": [
"CWE-319"
]
},
{
"id": "concurrent_logins",
"cwe": [
"CWE-1018"
]
},
{
"id": "failure_to_invalidate_session",
"cwe": [
"CWE-613"
]
},
{
"id": "session_fixation",
"cwe": [
"CWE-384"
]
},
{
"id": "two_fa_bypass",
"cwe": [
"CWE-304"
]
},
{
"id": "weak_login_function",
"cwe": [
"CWE-523"
]
},
{
"id": "weak_registration_implementation",
"children": [
{
"id": "over_http",
"cwe": [
"CWE-311"
]
}
]
}
]
},
{
"id": "client_side_injection",
"cwe": [
"CWE-929"
]
},
{
"id": "cross_site_request_forgery_csrf",
"cwe": [
"CWE-352"
]
},
{
"id": "cross_site_scripting_xss",
"cwe": [
"CWE-79"
]
},
{
"id": "cryptographic_weakness",
"cwe": [
"CWE-310",
"CWE-1205"
],
"children": [
{
"id": "broken_cryptography",
"cwe": [
"CWE-327"
],
"children": [
{
"id": "use_of_broken_cryptographic_primitive",
"cwe": [
"CWE-327"
]
},
{
"id": "use_of_vulnerable_cryptographic_library",
"cwe": [
"CWE-327"
]
}
]
},
{
"id": "incomplete_cleanup_of_keying_material",
"cwe": [
"CWE-459"
]
},
{
"id": "insecure_implementation",
"cwe": [
"CWE-573"
],
"children": [
{
"id": "improper_following_of_specification",
"cwe": [
"CWE-358",
"CWE-573"
]
},
{
"id": "missing_cryptographic_step",
"cwe": [
"CWE-325"
]
}
]
},
{
"id": "insecure_key_generation",
"cwe": null,
"children": [
{
"id": "improper_asymmetric_exponent_selection",
"cwe": [
"CWE-326",
"CWE-1240"
]
},
{
"id": "improper_asymmetric_prime_selection",
"cwe": [
"CWE-326",
"CWE-1240"
]
},
{
"id": "insufficient_key_space",
"cwe": [
"CWE-326",
"CWE-331",
"CWE-1240"
]
},
{
"id": "insufficient_key_stretching",
"cwe": [
"CWE-326",
"CWE-1240"
]
},
{
"id": "key_exchange_without_entity_authentication",
"cwe": [
"CWE-322"
]
}
]
},
{
"id": "insufficient_entropy",
"cwe": [
"CWE-330",
"CWE-331"
],
"children": [
{
"id": "initialization_vector_reuse",
"cwe": [
"CWE-1204"
]
},
{
"id": "limited_rng_entropy_source",
"cwe": [
"CWE-338",
"CWE-332"
]
},
{
"id": "predictable_initialization_vector",
"cwe": [
"CWE-340"
]
},
{
"id": "predictable_prng_seed",
"cwe": [
"CWE-337"
]
},
{
"id": "prng_seed_reuse",
"cwe": [
"CWE-336"
]
},
{
"id": "small_seed_space_in_prng",
"cwe": [
"CWE-339",
"CWE-334"
]
},
{
"id": "use_of_trng_for_nonsecurity_purpose",
"cwe": [
"CWE-333"
]
}
]
},
{
"id": "insufficient_verification_of_data_authenticity",
"cwe": [
"CWE-345"
],
"children": [
{
"id": "cryptographic_signature",
"cwe": [
"CWE-347"
]
},
{
"id": "identity_check_value",
"cwe": [
"CWE-353",
"CWE-354",
"CWE-924"
]
}
]
},
{
"id": "key_reuse",
"cwe": [
"CWE-323"
],
"children": [
{
"id": "inter_environment",
"cwe": [
"CWE-323"
]
},
{
"id": "intra_environment",
"cwe": [
"CWE-323"
]
},
{
"id": "lack_of_perfect_forward_secrecy",
"cwe": [
"CWE-323"
]
}
]
},
{
"id": "side_channel_attack",
"cwe": [
"CWE-203",
"CWE-1300"
],
"children": [
{
"id": "differential_fault_analysis",
"cwe": [
"CWE-204",
"CWE-205"
]
},
{
"id": "emanations_attack",
"cwe": [
"CWE-1300"
]
},
{
"id": "padding_oracle_attack",
"cwe": [
"CWE-780"
]
},
{
"id": "power_analysis_attack",
"cwe": [
"CWE-1300"
]
},
{
"id": "timing_attack",
"cwe": [
"CWE-208"
]
}
]
},
{
"id": "use_of_expired_cryptographic_key_or_cert",
"cwe": [
"CWE-295",
"CWE-298",
"CWE-299",
"CWE-324"
]
},
{
"id": "weak_hash",
"cwe": [
"CWE-328"
],
"children": [
{
"id": "lack_of_salt",
"cwe": [
"CWE-759",
"CWE-916"
]
},
{
"id": "predictable_hash_collision",
"cwe": [
"CWE-328"
]
},
{
"id": "use_of_predictable_salt",
"cwe": [
"CWE-760"
]
}
]
}
]
},
{
"id": "data_biases",
"cwe": null,
"children": [
{
"id": "pre_existing_bias",
"cwe": null
},
{
"id": "representation_bias",
"cwe": null
}
]
},
{
"id": "decentralized_application_misconfiguration",
"cwe": null
},
{
"id": "developer_biases",
"cwe": null,
"children": [
{
"id": "implicit_bias",
"cwe": null
}
]
},
{
"id": "external_behavior",
"cwe": null
},
{
"id": "indicators_of_compromise",
"cwe": null
},
{
"id": "insecure_data_storage",
"cwe": [
"CWE-729",
"CWE-922"
],
"children": [
{
"id": "non_sensitive_application_data_stored_unencrypted",
"cwe": [
"CWE-312"
]
},
{
"id": "sensitive_application_data_stored_unencrypted",
"cwe": [
"CWE-312"
]
},
{
"id": "server_side_credentials_storage",
"cwe": [
"CWE-522"
],
"children": [
{
"id": "plaintext",
"cwe": [
"CWE-256"
]
}
]
}
]
},
{
"id": "insecure_data_transport",
"cwe": [
"CWE-311",
"CWE-319"
],
"children": [
{
"id": "cleartext_transmission_of_sensitive_data",
"cwe": [
"CWE-319"
]
},
{
"id": "executable_download",
"children": [
{
"id": "no_secure_integrity_check",
"cwe": [
"CWE-353",
"CWE-354",
"CWE-494"
]
}
]
}
]
},
{
"id": "insecure_os_firmware",
"children": [
{
"id": "command_injection",
"cwe": [
"CWE-77"
]
},
{
"id": "data_not_encrypted_at_rest",
"children": [
{
"id": "non_sensitive",
"cwe": [
"CWE-311"
]
},
{
"id": "sensitive",
"cwe": [
"CWE-311"
]
}
]
},
{
"id": "failure_to_remove_sensitive_artifacts_from_disk",
"cwe": [
"CWE-459"
]
},
{
"id": "hardcoded_password",
"cwe": [
"CWE-259"
]
},
{
"id": "kiosk_escape_or_breakout",
"cwe": [
"CWE-284"
]
},
{
"id": "local_administrator_on_default_environment",
"cwe": [
"CWE-276"
]
},
{
"id": "over_permissioned_credentials_on_storage",
"cwe": [
"CWE-250"
]
},
{
"id": "poorly_configured_disk_encryption",
"cwe": [
"CWE-326"
]
},
{
"id": "poorly_configured_operating_system_security",
"cwe": [
"CWE-16"
]
},
{
"id": "recovery_of_disk_contains_sensitive_material",
"cwe": [
"CWE-522"
]
},
{
"id": "shared_credentials_on_storage",
"cwe": [
"CWE-798"
]
},
{
"id": "weakness_in_firmware_updates",
"children": [
{
"id": "firmware_cannot_be_updated",
"cwe": [
"CWE-434"
]
},
{
"id": "firmware_does_not_validate_update_integrity",
"cwe": [
"CWE-434"
]
},
{
"id": "firmware_is_not_encrypted",
"cwe": [
"CWE-434"
]
}
]
}
]
},
{
"id": "insufficient_security_configurability",
"cwe": [
"CWE-16"
],
"children": [
{
"id": "no_password_policy",
"cwe": [
"CWE-521"
]
},
{
"id": "password_policy_bypass",
"cwe": [
"CWE-521"
]
},
{
"id": "weak_password_policy",
"cwe": [
"CWE-521"
]
},
{
"id": "weak_password_reset_implementation",
"cwe": [
"CWE-640"
]
}
]
},
{
"id": "lack_of_binary_hardening",
"cwe": [
"CWE-693"
]
},
{
"id": "misinterpretation_biases",
"cwe": null,
"children": [
{
"id": "context_ignorance",
"cwe": null
}
]
},
{
"id": "mobile_security_misconfiguration",
"cwe": [
"CWE-919"
]
},
{
"id": "network_security_misconfiguration",
"cwe": [
"CWE-16"
]
},
{
"id": "physical_security_issues",
"children": [
{
"id": "bypass_of_physical_access_control",
"cwe": [
"CWE-1300"
]
},
{
"id": "weakness_in_physical_access_control",
"children": [
{
"id": "cloneable_key",
"cwe": [
"CWE-1300"
]
},
{
"id": "commonly_keyed_system",
"cwe": [
"CWE-284"
]
},
{
"id": "master_key_identification",
"cwe": [
"CWE-284"
]
}
]
}
]
},
{
"id": "privacy_concerns",
"cwe": [
"CWE-359"
]
},
{
"id": "protocol_specific_misconfiguration",
"cwe": null
},
{
"id": "sensitive_data_exposure",
"cwe": [
"CWE-934"
],
"children": [
{
"id": "disclosure_of_known_public_information",
"cwe": [
"CWE-200"
]
},
{
"id": "disclosure_of_secrets",
"children": [
{
"id": "pii_leakage_exposure",
"cwe": [
"CWE-200"
]
}
]
},
{
"id": "exif_geolocation_data_not_stripped_from_uploaded_images",
"cwe": [
"CWE-200"
]
},
{
"id": "graphql_introspection_enabled",
"cwe": [
"CWE-200"
]
},
{
"id": "non_sensitive_token_in_url",
"cwe": [
"CWE-200"
]
},
{
"id": "sensitive_token_in_url",
"cwe": [
"CWE-200"
]
},
{
"id": "token_leakage_via_referer",
"cwe": [
"CWE-200"
]
},
{
"id": "via_localstorage_sessionstorage",
"cwe": [
"CWE-922"
]
},
{
"id": "visible_detailed_error_page",
"cwe": [
"CWE-209",
"CWE-215"
]
},
{
"id": "weak_password_reset_implementation",
"cwe": [
"CWE-640"
]
}
]
},
{
"id": "server_security_misconfiguration",
"cwe": [
"CWE-16"
],
"children": [
{
"id": "cache_poisoning",
"cwe": [
"CWE-444"
]
},
{
"id": "captcha",
"cwe": [
"CWE-804"
]
},
{
"id": "clickjacking",
"cwe": [
"CWE-451"
]
},
{
"id": "dbms_misconfiguration",
"children": [
{
"id": "excessively_privileged_user_dba",
"cwe": [
"CWE-250"
]
}
]
},
{
"id": "directory_listing_enabled",
"cwe": [
"CWE-548"
]
},
{
"id": "insecure_ssl",
"children": [
{
"id": "insecure_cipher_suite",
"cwe": [
"CWE-326"
]
}
]
},
{
"id": "lack_of_password_confirmation",
"children": [
{
"id": "change_password",
"cwe": [
"CWE-620"
]
}
]
},
{
"id": "lack_of_security_headers",
"children": [
{
"id": "cache_control_for_a_non_sensitive_page",
"cwe": [
"CWE-525"
]
},
{
"id": "cache_control_for_a_sensitive_page",
"cwe": [
"CWE-525"
]
}
]
},
{
"id": "misconfigured_dns",
"children": [
{
"id": "zone_transfer",
"cwe": [
"CWE-669"
]
}
]
},
{
"id": "missing_secure_or_httponly_cookie_flag",
"cwe": [
"CWE-614",
"CWE-1004"
]
},
{
"id": "no_rate_limiting_on_form",
"cwe": [
"CWE-799"
],
"children": [
{
"id": "login",
"cwe": [
"CWE-307"
]
}
]
},
{
"id": "oauth_misconfiguration",
"cwe": [
"CWE-303"
],
"children": [
{
"id": "insecure_redirect_uri",
"cwe": [
"CWE-601"
]
},
{
"id": "missing_state_parameter",
"cwe": [
"CWE-352"
]
}
]
},
{
"id": "path_traversal",
"cwe": [
"CWE-22",
"CWE-73"
]
},
{
"id": "race_condition",
"cwe": [
"CWE-362",
"CWE-366",
"CWE-368",
"CWE-421"
]
},
{
"id": "request_smuggling",
"cwe": [
"CWE-444"
]
},
{
"id": "server_side_request_forgery_ssrf",
"cwe": [
"CWE-918",
"CWE-441"
]
},
{
"id": "ssl_attack_breach_poodle_etc",
"cwe": [
"CWE-310"
]
},
{
"id": "unsafe_cross_origin_resource_sharing",
"cwe": [
"CWE-942"
]
},
{
"id": "unsafe_file_upload",
"children": [
{
"id": "file_extension_filter_bypass",
"cwe": [
"CWE-434",
"CWE-646"
]
}
]
},
{
"id": "username_enumeration",
"cwe": [
"CWE-204"
]
},
{
"id": "using_default_credentials",
"cwe": [
"CWE-255",
"CWE-521"
]
}
]
},
{
"id": "server_side_injection",
"cwe": [
"CWE-929"
],
"children": [
{
"id": "content_spoofing",
"cwe": [
"CWE-451"
],
"children": [
{
"id": "homograph_idn_based",
"cwe": [
"CWE-1007"
]
}
]
},
{
"id": "file_inclusion",
"cwe": [
"CWE-73",
"CWE-714"
]
},
{
"id": "http_response_manipulation",
"children": [
{
"id": "response_splitting_crlf",
"cwe": [
"CWE-113"
]
}
]
},
{
"id": "ldap_injection",
"cwe": [
"CWE-90"
]
},
{
"id": "remote_code_execution_rce",
"cwe": [
"CWE-77",
"CWE-78",
"CWE-94",
"CWE-95"
]
},
{
"id": "sql_injection",
"cwe": [
"CWE-89"
]
},
{
"id": "ssti",
"cwe": [
"CWE-94"
]
},
{
"id": "xml_external_entity_injection_xxe",
"cwe": [
"CWE-611"
]
}
]
},
{
"id": "smart_contract_misconfiguration",
"cwe": null
},
{
"id": "societal_biases",
"cwe": null,
"children": [
{
"id": "confirmation_bias",
"cwe": null
},
{
"id": "systemic_bias",
"cwe": null
}
]
},
{
"id": "unvalidated_redirects_and_forwards",
"cwe": [
"CWE-601"
],
"children": [
{
"id": "open_redirect",
"cwe": [
"CWE-601"
]
},
{
"id": "tabnabbing",
"cwe": [
"CWE-1022"
]
}
]
},
{
"id": "using_components_with_known_vulnerabilities",
"cwe": [
"CWE-937"
]
},
{
"id": "zero_knowledge_security_misconfiguration",
"cwe": null
}
]
}