-
Notifications
You must be signed in to change notification settings - Fork 2
/
cwe_detection_temp.json
1 lines (1 loc) · 333 KB
/
cwe_detection_temp.json
1
[{"_key":"cwe_detection_00017","_id":"cwe_detection/cwe_detection_00017","_rev":"_dVfOTk2---","original_id":"14","name":"Compiler Removal of Code to Clear Buffers","metadata":{"Method":"Black Box","Description":"This specific weakness is impossible to detect using black box methods. While an analyst could examine memory to see that it has not been scrubbed, an analysis of the executable would not be successful. This is because the compiler has already removed the relevant code. Only the source code shows whether the programmer intended to clear the memory or not, so this weakness is indistinguishable from others."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00018","_id":"cwe_detection/cwe_detection_00018","_rev":"_dVfOTk2--_","original_id":"14","name":"Compiler Removal of Code to Clear Buffers","metadata":{"Method":"White Box","Description":"This weakness is only detectable using white box methods (see black box detection factor). Careful analysis is required to determine if the code is likely to be removed by the compiler."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00032","_id":"cwe_detection/cwe_detection_00032","_rev":"_dVfOTk2--A","original_id":"20","name":"Improper Input Validation","metadata":{"Method":"Automated Static Analysis","Description":"\n Some instances of improper input validation can be detected using automated static analysis.\n A static analysis tool might allow the user to specify which application-specific methods or functions perform input validation; the tool might also have built-in knowledge of validation frameworks such as Struts. The tool may then suppress or de-prioritize any associated warnings. This allows the analyst to focus on areas of the software in which input validation does not appear to be present.\n Except in the cases described in the previous paragraph, automated static analysis might not be able to recognize when proper input validation is being performed, leading to false positives - i.e., warnings that do not have any security consequences or require any code changes.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00033","_id":"cwe_detection/cwe_detection_00033","_rev":"_dVfOTk2--B","original_id":"20","name":"Improper Input Validation","metadata":{"Method":"Manual Static Analysis","Description":"When custom input validation is required, such as when enforcing business rules, manual analysis is necessary to ensure that the validation is properly implemented."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00034","_id":"cwe_detection/cwe_detection_00034","_rev":"_dVfOTk2--C","original_id":"20","name":"Improper Input Validation","metadata":{"Method":"Fuzzing","Description":"Fuzzing techniques can be useful for detecting input validation errors. When unexpected inputs are provided to the software, the software should not crash or otherwise become unstable, and it should generate application-controlled error messages. If exceptions or interpreter-generated error messages occur, this indicates that the input was not detected and handled within the application logic itself."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00035","_id":"cwe_detection/cwe_detection_00035","_rev":"_dVfOTk2--D","original_id":"20","name":"Improper Input Validation","metadata":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Bytecode Weakness Analysis - including disassembler + source code weakness analysis\n Binary Weakness Analysis - including disassembler + source code weakness analysis\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00036","_id":"cwe_detection/cwe_detection_00036","_rev":"_dVfOTk2--E","original_id":"20","name":"Improper Input Validation","metadata":{"Method":"Manual Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00037","_id":"cwe_detection/cwe_detection_00037","_rev":"_dVfOTk2--F","original_id":"20","name":"Improper Input Validation","metadata":{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Web Application Scanner\n Web Services Scanner\n Database Scanners\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00038","_id":"cwe_detection/cwe_detection_00038","_rev":"_dVfOTk2--G","original_id":"20","name":"Improper Input Validation","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Fuzz Tester\n Framework-based Fuzzer\n \n \n Cost effective for partial coverage:\n \n \n Host Application Interface Scanner\n Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00039","_id":"cwe_detection/cwe_detection_00039","_rev":"_dVfOTk2--H","original_id":"20","name":"Improper Input Validation","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n Manual Source Code Review (not inspections)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00040","_id":"cwe_detection/cwe_detection_00040","_rev":"_dVfOTk2--I","original_id":"20","name":"Improper Input Validation","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Source code Weakness Analyzer\n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00041","_id":"cwe_detection/cwe_detection_00041","_rev":"_dVfOTk2--J","original_id":"20","name":"Improper Input Validation","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n Formal Methods / Correct-By-Construction\n \n \n Cost effective for partial coverage:\n \n \n Attack Modeling\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00053","_id":"cwe_detection/cwe_detection_00053","_rev":"_dVfOTk2--K","original_id":"22","name":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","metadata":{"Method":"Automated Static Analysis","Description":"Automated techniques can find areas where path traversal weaknesses exist. However, tuning or customization may be required to remove or de-prioritize path-traversal problems that are only exploitable by the software's administrator - or other privileged users - and thus potentially valid behavior or, at worst, a bug instead of a vulnerability."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00054","_id":"cwe_detection/cwe_detection_00054","_rev":"_dVfOTk2--L","original_id":"22","name":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","metadata":{"Method":"Manual Static Analysis","Description":"Manual white box techniques may be able to provide sufficient code coverage and reduction of false positives if all file access operations can be assessed within limited time constraints."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00055","_id":"cwe_detection/cwe_detection_00055","_rev":"_dVfOTk2--M","original_id":"22","name":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","metadata":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Bytecode Weakness Analysis - including disassembler + source code weakness analysis\n \n \n Cost effective for partial coverage:\n \n \n Binary Weakness Analysis - including disassembler + source code weakness analysis\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00056","_id":"cwe_detection/cwe_detection_00056","_rev":"_dVfOTk2--N","original_id":"22","name":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","metadata":{"Method":"Manual Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00057","_id":"cwe_detection/cwe_detection_00057","_rev":"_dVfOTk2--O","original_id":"22","name":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","metadata":{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Web Application Scanner\n Web Services Scanner\n Database Scanners\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00058","_id":"cwe_detection/cwe_detection_00058","_rev":"_dVfOTk2--P","original_id":"22","name":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Fuzz Tester\n Framework-based Fuzzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00059","_id":"cwe_detection/cwe_detection_00059","_rev":"_dVfOTk2--Q","original_id":"22","name":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Manual Source Code Review (not inspections)\n \n \n Cost effective for partial coverage:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00060","_id":"cwe_detection/cwe_detection_00060","_rev":"_dVfOTk2--R","original_id":"22","name":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Source code Weakness Analyzer\n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00061","_id":"cwe_detection/cwe_detection_00061","_rev":"_dVfOTk2--S","original_id":"22","name":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Formal Methods / Correct-By-Construction\n \n \n Cost effective for partial coverage:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00086","_id":"cwe_detection/cwe_detection_00086","_rev":"_dVfOTk2--T","original_id":"34","name":"Path Traversal: '....//'","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Source code Weakness Analyzer\n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00087","_id":"cwe_detection/cwe_detection_00087","_rev":"_dVfOTk2--U","original_id":"34","name":"Path Traversal: '....//'","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n Formal Methods / Correct-By-Construction\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00101","_id":"cwe_detection/cwe_detection_00101","_rev":"_dVfOTk2--V","original_id":"41","name":"Improper Resolution of Path Equivalence","metadata":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Bytecode Weakness Analysis - including disassembler + source code weakness analysis\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00102","_id":"cwe_detection/cwe_detection_00102","_rev":"_dVfOTk2--W","original_id":"41","name":"Improper Resolution of Path Equivalence","metadata":{"Method":"Manual Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00103","_id":"cwe_detection/cwe_detection_00103","_rev":"_dVfOTk2--X","original_id":"41","name":"Improper Resolution of Path Equivalence","metadata":{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Web Application Scanner\n Web Services Scanner\n Database Scanners\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00104","_id":"cwe_detection/cwe_detection_00104","_rev":"_dVfOTk2--Y","original_id":"41","name":"Improper Resolution of Path Equivalence","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Fuzz Tester\n Framework-based Fuzzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00105","_id":"cwe_detection/cwe_detection_00105","_rev":"_dVfOTk2--Z","original_id":"41","name":"Improper Resolution of Path Equivalence","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n Manual Source Code Review (not inspections)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00106","_id":"cwe_detection/cwe_detection_00106","_rev":"_dVfOTk6---","original_id":"41","name":"Improper Resolution of Path Equivalence","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Source code Weakness Analyzer\n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00107","_id":"cwe_detection/cwe_detection_00107","_rev":"_dVfOTk6--_","original_id":"41","name":"Improper Resolution of Path Equivalence","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Formal Methods / Correct-By-Construction\n \n \n Cost effective for partial coverage:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00117","_id":"cwe_detection/cwe_detection_00117","_rev":"_dVfOTk6--A","original_id":"59","name":"Improper Link Resolution Before File Access ('Link Following')","metadata":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Bytecode Weakness Analysis - including disassembler + source code weakness analysis\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00118","_id":"cwe_detection/cwe_detection_00118","_rev":"_dVfOTk6--B","original_id":"59","name":"Improper Link Resolution Before File Access ('Link Following')","metadata":{"Method":"Manual Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00119","_id":"cwe_detection/cwe_detection_00119","_rev":"_dVfOTk6--C","original_id":"59","name":"Improper Link Resolution Before File Access ('Link Following')","metadata":{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Web Application Scanner\n Web Services Scanner\n Database Scanners\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00120","_id":"cwe_detection/cwe_detection_00120","_rev":"_dVfOTk6--D","original_id":"59","name":"Improper Link Resolution Before File Access ('Link Following')","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Fuzz Tester\n Framework-based Fuzzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00121","_id":"cwe_detection/cwe_detection_00121","_rev":"_dVfOTk6--E","original_id":"59","name":"Improper Link Resolution Before File Access ('Link Following')","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n Manual Source Code Review (not inspections)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00122","_id":"cwe_detection/cwe_detection_00122","_rev":"_dVfOTk6--F","original_id":"59","name":"Improper Link Resolution Before File Access ('Link Following')","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Source code Weakness Analyzer\n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00123","_id":"cwe_detection/cwe_detection_00123","_rev":"_dVfOTk6--G","original_id":"59","name":"Improper Link Resolution Before File Access ('Link Following')","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Formal Methods / Correct-By-Construction\n \n \n Cost effective for partial coverage:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00129","_id":"cwe_detection/cwe_detection_00129","_rev":"_dVfOTk6--H","original_id":"66","name":"Improper Handling of File Names that Identify Virtual Resources","metadata":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Bytecode Weakness Analysis - including disassembler + source code weakness analysis\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00130","_id":"cwe_detection/cwe_detection_00130","_rev":"_dVfOTk6--I","original_id":"66","name":"Improper Handling of File Names that Identify Virtual Resources","metadata":{"Method":"Manual Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00131","_id":"cwe_detection/cwe_detection_00131","_rev":"_dVfOTk6--J","original_id":"66","name":"Improper Handling of File Names that Identify Virtual Resources","metadata":{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Web Application Scanner\n Web Services Scanner\n Database Scanners\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00132","_id":"cwe_detection/cwe_detection_00132","_rev":"_dVfOTk6--K","original_id":"66","name":"Improper Handling of File Names that Identify Virtual Resources","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Fuzz Tester\n Framework-based Fuzzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00133","_id":"cwe_detection/cwe_detection_00133","_rev":"_dVfOTk6--L","original_id":"66","name":"Improper Handling of File Names that Identify Virtual Resources","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n Manual Source Code Review (not inspections)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00134","_id":"cwe_detection/cwe_detection_00134","_rev":"_dVfOTk6--M","original_id":"66","name":"Improper Handling of File Names that Identify Virtual Resources","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Source code Weakness Analyzer\n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00135","_id":"cwe_detection/cwe_detection_00135","_rev":"_dVfOTk6--N","original_id":"66","name":"Improper Handling of File Names that Identify Virtual Resources","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Formal Methods / Correct-By-Construction\n \n \n Cost effective for partial coverage:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00149","_id":"cwe_detection/cwe_detection_00149","_rev":"_dVfOTk6--O","original_id":"73","name":"External Control of File Name or Path","metadata":{"Method":"Automated Static Analysis","Description":"\n The external control or influence of filenames can often be detected using automated static analysis that models data flow within the software.\n Automated static analysis might not be able to recognize when proper input validation is being performed, leading to false positives - i.e., warnings that do not have any security consequences or require any code changes.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00178","_id":"cwe_detection/cwe_detection_00178","_rev":"_dVfOTk6--P","original_id":"78","name":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","metadata":{"Method":"Automated Static Analysis","Description":"\n This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.\n Automated static analysis might not be able to recognize when proper input validation is being performed, leading to false positives - i.e., warnings that do not have any security consequences or require any code changes.\n Automated static analysis might not be able to detect the usage of custom API functions or third-party libraries that indirectly invoke OS commands, leading to false negatives - especially if the API/library code is not available for analysis.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00179","_id":"cwe_detection/cwe_detection_00179","_rev":"_dVfOTk6--Q","original_id":"78","name":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","metadata":{"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software's operation may slow down, but it should not become unstable, crash, or generate incorrect results."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00180","_id":"cwe_detection/cwe_detection_00180","_rev":"_dVfOTk6--R","original_id":"78","name":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","metadata":{"Method":"Manual Static Analysis","Description":"Since this weakness does not typically appear frequently within a single software package, manual white box techniques may be able to provide sufficient code coverage and reduction of false positives if all potentially-vulnerable operations can be assessed within limited time constraints."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00181","_id":"cwe_detection/cwe_detection_00181","_rev":"_dVfOTk6--S","original_id":"78","name":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","metadata":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Bytecode Weakness Analysis - including disassembler + source code weakness analysis\n Binary Weakness Analysis - including disassembler + source code weakness analysis\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00182","_id":"cwe_detection/cwe_detection_00182","_rev":"_dVfOTk6--T","original_id":"78","name":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","metadata":{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Web Application Scanner\n Web Services Scanner\n Database Scanners\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00183","_id":"cwe_detection/cwe_detection_00183","_rev":"_dVfOTk6--U","original_id":"78","name":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Fuzz Tester\n Framework-based Fuzzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00184","_id":"cwe_detection/cwe_detection_00184","_rev":"_dVfOTk6--V","original_id":"78","name":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Manual Source Code Review (not inspections)\n \n \n Cost effective for partial coverage:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00185","_id":"cwe_detection/cwe_detection_00185","_rev":"_dVfOTk6--W","original_id":"78","name":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Source code Weakness Analyzer\n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00186","_id":"cwe_detection/cwe_detection_00186","_rev":"_dVfOTk6--X","original_id":"78","name":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Formal Methods / Correct-By-Construction\n \n \n Cost effective for partial coverage:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00199","_id":"cwe_detection/cwe_detection_00199","_rev":"_dVfOTk6--Y","original_id":"79","name":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","metadata":{"Method":"Automated Static Analysis","Description":"Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible, especially when multiple components are involved."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00200","_id":"cwe_detection/cwe_detection_00200","_rev":"_dVfOTk6--Z","original_id":"79","name":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","metadata":{"Method":"Black Box","Description":"Use the XSS Cheat Sheet [REF-714] or automated test-generation tools to help launch a wide variety of attacks against your web application. The Cheat Sheet contains many subtle XSS variations that are specifically targeted against weak XSS defenses."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00252","_id":"cwe_detection/cwe_detection_00252","_rev":"_dVfOTk6--a","original_id":"89","name":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","metadata":{"Method":"Automated Static Analysis","Description":"\n This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.\n Automated static analysis might not be able to recognize when proper input validation is being performed, leading to false positives - i.e., warnings that do not have any security consequences or do not require any code changes.\n Automated static analysis might not be able to detect the usage of custom API functions or third-party libraries that indirectly invoke SQL commands, leading to false negatives - especially if the API/library code is not available for analysis.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00253","_id":"cwe_detection/cwe_detection_00253","_rev":"_dVfOTk6--b","original_id":"89","name":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","metadata":{"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software's operation may slow down, but it should not become unstable, crash, or generate incorrect results."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00254","_id":"cwe_detection/cwe_detection_00254","_rev":"_dVfOTk6--c","original_id":"89","name":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","metadata":{"Method":"Manual Analysis","Description":"Manual analysis can be useful for finding this weakness, but it might not achieve desired code coverage within limited time constraints. This becomes difficult for weaknesses that must be considered for all inputs, since the attack surface can be too large."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00255","_id":"cwe_detection/cwe_detection_00255","_rev":"_dVfOTk6--d","original_id":"89","name":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","metadata":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Bytecode Weakness Analysis - including disassembler + source code weakness analysis\n Binary Weakness Analysis - including disassembler + source code weakness analysis\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00256","_id":"cwe_detection/cwe_detection_00256","_rev":"_dVfOTk6--e","original_id":"89","name":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","metadata":{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Database Scanners\n \n \n Cost effective for partial coverage:\n \n \n Web Application Scanner\n Web Services Scanner\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00257","_id":"cwe_detection/cwe_detection_00257","_rev":"_dVfOTk6--f","original_id":"89","name":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Fuzz Tester\n Framework-based Fuzzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00258","_id":"cwe_detection/cwe_detection_00258","_rev":"_dVfOTk6--g","original_id":"89","name":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Manual Source Code Review (not inspections)\n \n \n Cost effective for partial coverage:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00259","_id":"cwe_detection/cwe_detection_00259","_rev":"_dVfOTk6--h","original_id":"89","name":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Source code Weakness Analyzer\n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00260","_id":"cwe_detection/cwe_detection_00260","_rev":"_dVfOTk6--i","original_id":"89","name":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Formal Methods / Correct-By-Construction\n \n \n Cost effective for partial coverage:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00289","_id":"cwe_detection/cwe_detection_00289","_rev":"_dVfOTk6--j","original_id":"98","name":"Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')","metadata":{"Method":"Manual Analysis","Description":"Manual white-box analysis can be very effective for finding this issue, since there is typically a relatively small number of include or require statements in each program."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00290","_id":"cwe_detection/cwe_detection_00290","_rev":"_dVfOTk6--k","original_id":"98","name":"Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')","metadata":{"Method":"Automated Static Analysis","Description":"\n The external control or influence of filenames can often be detected using automated static analysis that models data flow within the software.\n Automated static analysis might not be able to recognize when proper input validation is being performed, leading to false positives - i.e., warnings that do not have any security consequences or require any code changes. If the program uses a customized input validation library, then some tools may allow the analyst to create custom signatures to detect usage of those routines.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00303","_id":"cwe_detection/cwe_detection_00303","_rev":"_dVfOTk6--l","original_id":"110","name":"Struts: Validator Without Form Field","metadata":{"Method":"Automated Static Analysis","Description":"To find the issue in the implementation, manual checks or automated static analysis could be applied to the XML configuration files."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00304","_id":"cwe_detection/cwe_detection_00304","_rev":"_dVfOTk6--m","original_id":"110","name":"Struts: Validator Without Form Field","metadata":{"Method":"Manual Static Analysis","Description":"To find the issue in the implementation, manual checks or automated static analysis could be applied to the XML configuration files."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00321","_id":"cwe_detection/cwe_detection_00321","_rev":"_dVfOTk6--n","original_id":"116","name":"Improper Encoding or Escaping of Output","metadata":{"Method":"Automated Static Analysis","Description":"This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00322","_id":"cwe_detection/cwe_detection_00322","_rev":"_dVfOTk6--o","original_id":"116","name":"Improper Encoding or Escaping of Output","metadata":{"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software's operation may slow down, but it should not become unstable, crash, or generate incorrect results."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00333","_id":"cwe_detection/cwe_detection_00333","_rev":"_dVfOTl----","original_id":"119","name":"Improper Restriction of Operations within the Bounds of a Memory Buffer","metadata":{"Method":"Automated Static Analysis","Description":"\n This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.\n Automated static analysis generally does not account for environmental considerations when reporting out-of-bounds memory operations. This can make it difficult for users to determine which warnings should be investigated first. For example, an analysis tool might report buffer overflows that originate from command line arguments in a program that is not expected to run with setuid or other special privileges.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00334","_id":"cwe_detection/cwe_detection_00334","_rev":"_dVfOTl---_","original_id":"119","name":"Improper Restriction of Operations within the Bounds of a Memory Buffer","metadata":{"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software's operation may slow down, but it should not become unstable, crash, or generate incorrect results."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00335","_id":"cwe_detection/cwe_detection_00335","_rev":"_dVfOTl---A","original_id":"119","name":"Improper Restriction of Operations within the Bounds of a Memory Buffer","metadata":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Binary / Bytecode Quality Analysis\n Bytecode Weakness Analysis - including disassembler + source code weakness analysis\n Binary Weakness Analysis - including disassembler + source code weakness analysis\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00336","_id":"cwe_detection/cwe_detection_00336","_rev":"_dVfOTl---B","original_id":"119","name":"Improper Restriction of Operations within the Bounds of a Memory Buffer","metadata":{"Method":"Manual Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00337","_id":"cwe_detection/cwe_detection_00337","_rev":"_dVfOTl---C","original_id":"119","name":"Improper Restriction of Operations within the Bounds of a Memory Buffer","metadata":{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Web Application Scanner\n Web Services Scanner\n Database Scanners\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00338","_id":"cwe_detection/cwe_detection_00338","_rev":"_dVfOTl---D","original_id":"119","name":"Improper Restriction of Operations within the Bounds of a Memory Buffer","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Fuzz Tester\n Framework-based Fuzzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00339","_id":"cwe_detection/cwe_detection_00339","_rev":"_dVfOTl---E","original_id":"119","name":"Improper Restriction of Operations within the Bounds of a Memory Buffer","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n Manual Source Code Review (not inspections)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00340","_id":"cwe_detection/cwe_detection_00340","_rev":"_dVfOTl---F","original_id":"119","name":"Improper Restriction of Operations within the Bounds of a Memory Buffer","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Source code Weakness Analyzer\n Context-configured Source Code Weakness Analyzer\n \n \n Cost effective for partial coverage:\n \n \n Source Code Quality Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00341","_id":"cwe_detection/cwe_detection_00341","_rev":"_dVfOTl---G","original_id":"119","name":"Improper Restriction of Operations within the Bounds of a Memory Buffer","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Formal Methods / Correct-By-Construction\n \n \n Cost effective for partial coverage:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00355","_id":"cwe_detection/cwe_detection_00355","_rev":"_dVfOTl---H","original_id":"120","name":"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')","metadata":{"Method":"Automated Static Analysis","Description":"\n This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.\n Automated static analysis generally does not account for environmental considerations when reporting out-of-bounds memory operations. This can make it difficult for users to determine which warnings should be investigated first. For example, an analysis tool might report buffer overflows that originate from command line arguments in a program that is not expected to run with setuid or other special privileges.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00356","_id":"cwe_detection/cwe_detection_00356","_rev":"_dVfOTl---I","original_id":"120","name":"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')","metadata":{"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software's operation may slow down, but it should not become unstable, crash, or generate incorrect results."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00357","_id":"cwe_detection/cwe_detection_00357","_rev":"_dVfOTl---J","original_id":"120","name":"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')","metadata":{"Method":"Manual Analysis","Description":"Manual analysis can be useful for finding this weakness, but it might not achieve desired code coverage within limited time constraints. This becomes difficult for weaknesses that must be considered for all inputs, since the attack surface can be too large."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00358","_id":"cwe_detection/cwe_detection_00358","_rev":"_dVfOTl---K","original_id":"120","name":"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')","metadata":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Bytecode Weakness Analysis - including disassembler + source code weakness analysis\n Binary Weakness Analysis - including disassembler + source code weakness analysis\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00359","_id":"cwe_detection/cwe_detection_00359","_rev":"_dVfOTl---L","original_id":"120","name":"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')","metadata":{"Method":"Manual Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00360","_id":"cwe_detection/cwe_detection_00360","_rev":"_dVfOTl---M","original_id":"120","name":"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')","metadata":{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Web Application Scanner\n Web Services Scanner\n Database Scanners\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00361","_id":"cwe_detection/cwe_detection_00361","_rev":"_dVfOTl---N","original_id":"120","name":"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Fuzz Tester\n Framework-based Fuzzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00362","_id":"cwe_detection/cwe_detection_00362","_rev":"_dVfOTl---O","original_id":"120","name":"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n Manual Source Code Review (not inspections)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00363","_id":"cwe_detection/cwe_detection_00363","_rev":"_dVfOTl---P","original_id":"120","name":"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Source code Weakness Analyzer\n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00364","_id":"cwe_detection/cwe_detection_00364","_rev":"_dVfOTl---Q","original_id":"120","name":"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Formal Methods / Correct-By-Construction\n \n \n Cost effective for partial coverage:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00395","_id":"cwe_detection/cwe_detection_00395","_rev":"_dVfOTl---R","original_id":"129","name":"Improper Validation of Array Index","metadata":{"Method":"Automated Static Analysis","Description":"\n This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.\n Automated static analysis generally does not account for environmental considerations when reporting out-of-bounds memory operations. This can make it difficult for users to determine which warnings should be investigated first. For example, an analysis tool might report array index errors that originate from command line arguments in a program that is not expected to run with setuid or other special privileges.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00396","_id":"cwe_detection/cwe_detection_00396","_rev":"_dVfOTl---S","original_id":"129","name":"Improper Validation of Array Index","metadata":{"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software's operation may slow down, but it should not become unstable, crash, or generate incorrect results."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00397","_id":"cwe_detection/cwe_detection_00397","_rev":"_dVfOTl---T","original_id":"129","name":"Improper Validation of Array Index","metadata":{"Method":"Black Box","Description":"Black box methods might not get the needed code coverage within limited time constraints, and a dynamic test might not produce any noticeable side effects even if it is successful."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00417","_id":"cwe_detection/cwe_detection_00417","_rev":"_dVfOTl---U","original_id":"131","name":"Incorrect Calculation of Buffer Size","metadata":{"Method":"Automated Static Analysis","Description":"\n This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.\n Automated static analysis generally does not account for environmental considerations when reporting potential errors in buffer calculations. This can make it difficult for users to determine which warnings should be investigated first. For example, an analysis tool might report buffer overflows that originate from command line arguments in a program that is not expected to run with setuid or other special privileges.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00418","_id":"cwe_detection/cwe_detection_00418","_rev":"_dVfOTl---V","original_id":"131","name":"Incorrect Calculation of Buffer Size","metadata":{"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software's operation may slow down, but it should not become unstable, crash, or generate incorrect results."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00419","_id":"cwe_detection/cwe_detection_00419","_rev":"_dVfOTl---W","original_id":"131","name":"Incorrect Calculation of Buffer Size","metadata":{"Method":"Manual Analysis","Description":"Manual analysis can be useful for finding this weakness, but it might not achieve desired code coverage within limited time constraints. This becomes difficult for weaknesses that must be considered for all inputs, since the attack surface can be too large."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00420","_id":"cwe_detection/cwe_detection_00420","_rev":"_dVfOTl---X","original_id":"131","name":"Incorrect Calculation of Buffer Size","metadata":{"Method":"Manual Analysis","Description":"\n This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.\n Specifically, manual static analysis is useful for evaluating the correctness of allocation calculations. This can be useful for detecting overflow conditions (CWE-190) or similar weaknesses that might have serious security impacts on the program.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00421","_id":"cwe_detection/cwe_detection_00421","_rev":"_dVfOTl---Y","original_id":"131","name":"Incorrect Calculation of Buffer Size","metadata":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Bytecode Weakness Analysis - including disassembler + source code weakness analysis\n Binary Weakness Analysis - including disassembler + source code weakness analysis\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00422","_id":"cwe_detection/cwe_detection_00422","_rev":"_dVfOTl---Z","original_id":"131","name":"Incorrect Calculation of Buffer Size","metadata":{"Method":"Manual Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00423","_id":"cwe_detection/cwe_detection_00423","_rev":"_dVfOTl---a","original_id":"131","name":"Incorrect Calculation of Buffer Size","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n Manual Source Code Review (not inspections)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00424","_id":"cwe_detection/cwe_detection_00424","_rev":"_dVfOTl---b","original_id":"131","name":"Incorrect Calculation of Buffer Size","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Source code Weakness Analyzer\n Context-configured Source Code Weakness Analyzer\n \n \n Cost effective for partial coverage:\n \n \n Source Code Quality Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00425","_id":"cwe_detection/cwe_detection_00425","_rev":"_dVfOTl---c","original_id":"131","name":"Incorrect Calculation of Buffer Size","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Formal Methods / Correct-By-Construction\n \n \n Cost effective for partial coverage:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00429","_id":"cwe_detection/cwe_detection_00429","_rev":"_dVfOTl---d","original_id":"134","name":"Use of Externally-Controlled Format String","metadata":{"Method":"Automated Static Analysis","Description":"This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00430","_id":"cwe_detection/cwe_detection_00430","_rev":"_dVfOTl---e","original_id":"134","name":"Use of Externally-Controlled Format String","metadata":{"Method":"Black Box","Description":"Since format strings often occur in rarely-occurring erroneous conditions (e.g. for error message logging), they can be difficult to detect using black box methods. It is highly likely that many latent issues exist in executables that do not have associated source code (or equivalent source."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00431","_id":"cwe_detection/cwe_detection_00431","_rev":"_dVfOTl---f","original_id":"134","name":"Use of Externally-Controlled Format String","metadata":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Bytecode Weakness Analysis - including disassembler + source code weakness analysis\n Binary Weakness Analysis - including disassembler + source code weakness analysis\n \n \n Cost effective for partial coverage:\n \n \n Binary / Bytecode simple extractor - strings, ELF readers, etc.\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00432","_id":"cwe_detection/cwe_detection_00432","_rev":"_dVfOTl---g","original_id":"134","name":"Use of Externally-Controlled Format String","metadata":{"Method":"Manual Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00433","_id":"cwe_detection/cwe_detection_00433","_rev":"_dVfOTl---h","original_id":"134","name":"Use of Externally-Controlled Format String","metadata":{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Web Application Scanner\n Web Services Scanner\n Database Scanners\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00434","_id":"cwe_detection/cwe_detection_00434","_rev":"_dVfOTl---i","original_id":"134","name":"Use of Externally-Controlled Format String","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Fuzz Tester\n Framework-based Fuzzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00435","_id":"cwe_detection/cwe_detection_00435","_rev":"_dVfOTl---j","original_id":"134","name":"Use of Externally-Controlled Format String","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Manual Source Code Review (not inspections)\n \n \n Cost effective for partial coverage:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00436","_id":"cwe_detection/cwe_detection_00436","_rev":"_dVfOTl---k","original_id":"134","name":"Use of Externally-Controlled Format String","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Source code Weakness Analyzer\n Context-configured Source Code Weakness Analyzer\n \n \n Cost effective for partial coverage:\n \n \n Warning Flags\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00437","_id":"cwe_detection/cwe_detection_00437","_rev":"_dVfOTlC---","original_id":"134","name":"Use of Externally-Controlled Format String","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Formal Methods / Correct-By-Construction\n \n \n Cost effective for partial coverage:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00595","_id":"cwe_detection/cwe_detection_00595","_rev":"_dVfOTlC--_","original_id":"184","name":"Incomplete List of Disallowed Inputs","metadata":{"Method":"Black Box","Description":"Exploitation of a vulnerability with commonly-used manipulations might fail, but minor variations might succeed."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00609","_id":"cwe_detection/cwe_detection_00609","_rev":"_dVfOTlC--A","original_id":"190","name":"Integer Overflow or Wraparound","metadata":{"Method":"Automated Static Analysis","Description":"This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00610","_id":"cwe_detection/cwe_detection_00610","_rev":"_dVfOTlC--B","original_id":"190","name":"Integer Overflow or Wraparound","metadata":{"Method":"Black Box","Description":"Sometimes, evidence of this weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software's operation may slow down, but it should not become unstable, crash, or generate incorrect results."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00611","_id":"cwe_detection/cwe_detection_00611","_rev":"_dVfOTlC--C","original_id":"190","name":"Integer Overflow or Wraparound","metadata":{"Method":"Manual Analysis","Description":"\n This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.\n Specifically, manual static analysis is useful for evaluating the correctness of allocation calculations. This can be useful for detecting overflow conditions (CWE-190) or similar weaknesses that might have serious security impacts on the program.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00612","_id":"cwe_detection/cwe_detection_00612","_rev":"_dVfOTlC--D","original_id":"190","name":"Integer Overflow or Wraparound","metadata":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Bytecode Weakness Analysis - including disassembler + source code weakness analysis\n Binary Weakness Analysis - including disassembler + source code weakness analysis\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00613","_id":"cwe_detection/cwe_detection_00613","_rev":"_dVfOTlC--E","original_id":"190","name":"Integer Overflow or Wraparound","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Fuzz Tester\n Framework-based Fuzzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00614","_id":"cwe_detection/cwe_detection_00614","_rev":"_dVfOTlC--F","original_id":"190","name":"Integer Overflow or Wraparound","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Manual Source Code Review (not inspections)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00615","_id":"cwe_detection/cwe_detection_00615","_rev":"_dVfOTlC--G","original_id":"190","name":"Integer Overflow or Wraparound","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Source code Weakness Analyzer\n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00616","_id":"cwe_detection/cwe_detection_00616","_rev":"_dVfOTlC--H","original_id":"190","name":"Integer Overflow or Wraparound","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Formal Methods / Correct-By-Construction\n \n \n Cost effective for partial coverage:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00626","_id":"cwe_detection/cwe_detection_00626","_rev":"_dVfOTlC--I","original_id":"198","name":"Use of Incorrect Byte Ordering","metadata":{"Method":"Black Box","Description":"Because byte ordering bugs are usually very noticeable even with normal inputs, this bug is more likely to occur in rarely triggered error conditions, making them difficult to detect using black box methods."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00628","_id":"cwe_detection/cwe_detection_00628","_rev":"_dVfOTlC--J","original_id":"200","name":"Exposure of Sensitive Information to an Unauthorized Actor","metadata":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Bytecode Weakness Analysis - including disassembler + source code weakness analysis\n Inter-application Flow Analysis\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00629","_id":"cwe_detection/cwe_detection_00629","_rev":"_dVfOTlC--K","original_id":"200","name":"Exposure of Sensitive Information to an Unauthorized Actor","metadata":{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Web Application Scanner\n Web Services Scanner\n Database Scanners\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00630","_id":"cwe_detection/cwe_detection_00630","_rev":"_dVfOTlC--L","original_id":"200","name":"Exposure of Sensitive Information to an Unauthorized Actor","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Fuzz Tester\n Framework-based Fuzzer\n Automated Monitored Execution\n Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00631","_id":"cwe_detection/cwe_detection_00631","_rev":"_dVfOTlC--M","original_id":"200","name":"Exposure of Sensitive Information to an Unauthorized Actor","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Manual Source Code Review (not inspections)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00632","_id":"cwe_detection/cwe_detection_00632","_rev":"_dVfOTlC--N","original_id":"200","name":"Exposure of Sensitive Information to an Unauthorized Actor","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Context-configured Source Code Weakness Analyzer\n \n \n Cost effective for partial coverage:\n \n \n Source code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00633","_id":"cwe_detection/cwe_detection_00633","_rev":"_dVfOTlC--O","original_id":"200","name":"Exposure of Sensitive Information to an Unauthorized Actor","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Formal Methods / Correct-By-Construction\n \n \n Cost effective for partial coverage:\n \n \n Attack Modeling\n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00651","_id":"cwe_detection/cwe_detection_00651","_rev":"_dVfOTlC--P","original_id":"209","name":"Generation of Error Message Containing Sensitive Information","metadata":{"Method":"Manual Analysis","Description":"This weakness generally requires domain-specific interpretation using manual analysis. However, the number of potential error conditions may be too large to cover completely within limited time constraints."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00652","_id":"cwe_detection/cwe_detection_00652","_rev":"_dVfOTlC--Q","original_id":"209","name":"Generation of Error Message Containing Sensitive Information","metadata":{"Method":"Automated Analysis","Description":"Automated methods may be able to detect certain idioms automatically, such as exposed stack traces or pathnames, but violation of business rules or privacy requirements is not typically feasible."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00653","_id":"cwe_detection/cwe_detection_00653","_rev":"_dVfOTlC--R","original_id":"209","name":"Generation of Error Message Containing Sensitive Information","metadata":{"Method":"Automated Dynamic Analysis","Description":"\n This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software's operation may slow down, but it should not become unstable, crash, or generate incorrect results.\n Error conditions may be triggered with a stress-test by calling the software simultaneously from a large number of threads or processes, and look for evidence of any unexpected behavior.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00654","_id":"cwe_detection/cwe_detection_00654","_rev":"_dVfOTlC--S","original_id":"209","name":"Generation of Error Message Containing Sensitive Information","metadata":{"Method":"Manual Dynamic Analysis","Description":"Identify error conditions that are not likely to occur during normal usage and trigger them. For example, run the program under low memory conditions, run with insufficient privileges or permissions, interrupt a transaction before it is completed, or disable connectivity to basic network services such as DNS. Monitor the software for any unexpected behavior. If you trigger an unhandled exception or similar error that was discovered and handled by the application's environment, it may still indicate unexpected conditions that were not handled by the application itself."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00674","_id":"cwe_detection/cwe_detection_00674","_rev":"_dVfOTlC--T","original_id":"226","name":"Sensitive Information in Resource Not Removed Before Reuse","metadata":{"Method":"Manual Analysis","Description":"Write a known pattern into each sensitive location. Trigger the release of the resource or cause the desired state transition to occur. Read data back from the sensitive locations. If the reads are successful, and the data is the same as the pattern that was originally written, the test fails and the product needs to be fixed. Note that this test can likely be automated."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00689","_id":"cwe_detection/cwe_detection_00689","_rev":"_dVfOTlC--U","original_id":"250","name":"Execution with Unnecessary Privileges","metadata":{"Method":"Manual Analysis","Description":"This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00690","_id":"cwe_detection/cwe_detection_00690","_rev":"_dVfOTlC--V","original_id":"250","name":"Execution with Unnecessary Privileges","metadata":{"Method":"Black Box","Description":"\n Use monitoring tools that examine the software's process as it interacts with the operating system and the network. This technique is useful in cases when source code is unavailable, if the software was not developed by you, or if you want to verify that the build phase did not introduce any new weaknesses. Examples include debuggers that directly attach to the running process; system-call tracing utilities such as truss (Solaris) and strace (Linux); system activity monitors such as FileMon, RegMon, Process Monitor, and other Sysinternals utilities (Windows); and sniffers and protocol analyzers that monitor network traffic.\n Attach the monitor to the process and perform a login. Look for library functions and system calls that indicate when privileges are being raised or dropped. Look for accesses of resources that are restricted to normal users.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00691","_id":"cwe_detection/cwe_detection_00691","_rev":"_dVfOTlC--W","original_id":"250","name":"Execution with Unnecessary Privileges","metadata":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Compare binary / bytecode to application permission manifest\n \n \n Cost effective for partial coverage:\n \n \n Bytecode Weakness Analysis - including disassembler + source code weakness analysis\n Binary Weakness Analysis - including disassembler + source code weakness analysis\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00692","_id":"cwe_detection/cwe_detection_00692","_rev":"_dVfOTlC--X","original_id":"250","name":"Execution with Unnecessary Privileges","metadata":{"Method":"Manual Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00693","_id":"cwe_detection/cwe_detection_00693","_rev":"_dVfOTlC--Y","original_id":"250","name":"Execution with Unnecessary Privileges","metadata":{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Host-based Vulnerability Scanners - Examine configuration for flaws, verifying that audit mechanisms work, ensure host configuration meets certain predefined criteria\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00694","_id":"cwe_detection/cwe_detection_00694","_rev":"_dVfOTlC--Z","original_id":"250","name":"Execution with Unnecessary Privileges","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Host Application Interface Scanner\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00695","_id":"cwe_detection/cwe_detection_00695","_rev":"_dVfOTlC--a","original_id":"250","name":"Execution with Unnecessary Privileges","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Manual Source Code Review (not inspections)\n \n \n Cost effective for partial coverage:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00696","_id":"cwe_detection/cwe_detection_00696","_rev":"_dVfOTlC--b","original_id":"250","name":"Execution with Unnecessary Privileges","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Source code Weakness Analyzer\n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00697","_id":"cwe_detection/cwe_detection_00697","_rev":"_dVfOTlC--c","original_id":"250","name":"Execution with Unnecessary Privileges","metadata":{"Method":"Automated Static Analysis","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Configuration Checker\n Permission Manifest Analysis\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00698","_id":"cwe_detection/cwe_detection_00698","_rev":"_dVfOTlC--d","original_id":"250","name":"Execution with Unnecessary Privileges","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n Formal Methods / Correct-By-Construction\n \n \n Cost effective for partial coverage:\n \n \n Attack Modeling\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00715","_id":"cwe_detection/cwe_detection_00715","_rev":"_dVfOTlC--e","original_id":"259","name":"Use of Hard-coded Password","metadata":{"Method":"Manual Analysis","Description":"This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00716","_id":"cwe_detection/cwe_detection_00716","_rev":"_dVfOTlC--f","original_id":"259","name":"Use of Hard-coded Password","metadata":{"Method":"Black Box","Description":"\n Use monitoring tools that examine the software's process as it interacts with the operating system and the network. This technique is useful in cases when source code is unavailable, if the software was not developed by you, or if you want to verify that the build phase did not introduce any new weaknesses. Examples include debuggers that directly attach to the running process; system-call tracing utilities such as truss (Solaris) and strace (Linux); system activity monitors such as FileMon, RegMon, Process Monitor, and other Sysinternals utilities (Windows); and sniffers and protocol analyzers that monitor network traffic.\n Attach the monitor to the process and perform a login. Using disassembled code, look at the associated instructions and see if any of them appear to be comparing the input to a fixed string or value.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00741","_id":"cwe_detection/cwe_detection_00741","_rev":"_dVfOTlC--g","original_id":"272","name":"Least Privilege Violation","metadata":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Compare binary / bytecode to application permission manifest\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00742","_id":"cwe_detection/cwe_detection_00742","_rev":"_dVfOTlC--h","original_id":"272","name":"Least Privilege Violation","metadata":{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Host-based Vulnerability Scanners - Examine configuration for flaws, verifying that audit mechanisms work, ensure host configuration meets certain predefined criteria\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00743","_id":"cwe_detection/cwe_detection_00743","_rev":"_dVfOTlC--i","original_id":"272","name":"Least Privilege Violation","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Manual Source Code Review (not inspections)\n \n \n Cost effective for partial coverage:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00744","_id":"cwe_detection/cwe_detection_00744","_rev":"_dVfOTlC--j","original_id":"272","name":"Least Privilege Violation","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Source code Weakness Analyzer\n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00745","_id":"cwe_detection/cwe_detection_00745","_rev":"_dVfOTlC--k","original_id":"272","name":"Least Privilege Violation","metadata":{"Method":"Automated Static Analysis","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Permission Manifest Analysis\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00746","_id":"cwe_detection/cwe_detection_00746","_rev":"_dVfOTlC--l","original_id":"272","name":"Least Privilege Violation","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n Formal Methods / Correct-By-Construction\n \n \n Cost effective for partial coverage:\n \n \n Attack Modeling\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00752","_id":"cwe_detection/cwe_detection_00752","_rev":"_dVfOTlC--m","original_id":"276","name":"Incorrect Default Permissions","metadata":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Inter-application Flow Analysis\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00753","_id":"cwe_detection/cwe_detection_00753","_rev":"_dVfOTlC--n","original_id":"276","name":"Incorrect Default Permissions","metadata":{"Method":"Manual Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00754","_id":"cwe_detection/cwe_detection_00754","_rev":"_dVfOTlC--o","original_id":"276","name":"Incorrect Default Permissions","metadata":{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Host-based Vulnerability Scanners - Examine configuration for flaws, verifying that audit mechanisms work, ensure host configuration meets certain predefined criteria\n Web Application Scanner\n Web Services Scanner\n Database Scanners\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00755","_id":"cwe_detection/cwe_detection_00755","_rev":"_dVfOTlC--p","original_id":"276","name":"Incorrect Default Permissions","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Host Application Interface Scanner\n \n \n Cost effective for partial coverage:\n \n \n Fuzz Tester\n Framework-based Fuzzer\n Automated Monitored Execution\n Forced Path Execution\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00756","_id":"cwe_detection/cwe_detection_00756","_rev":"_dVfOTlC--q","original_id":"276","name":"Incorrect Default Permissions","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Manual Source Code Review (not inspections)\n \n \n Cost effective for partial coverage:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00757","_id":"cwe_detection/cwe_detection_00757","_rev":"_dVfOTlC--r","original_id":"276","name":"Incorrect Default Permissions","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00758","_id":"cwe_detection/cwe_detection_00758","_rev":"_dVfOTlC--s","original_id":"276","name":"Incorrect Default Permissions","metadata":{"Method":"Automated Static Analysis","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Configuration Checker\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00759","_id":"cwe_detection/cwe_detection_00759","_rev":"_dVfOTlC--t","original_id":"276","name":"Incorrect Default Permissions","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Formal Methods / Correct-By-Construction\n \n \n Cost effective for partial coverage:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00778","_id":"cwe_detection/cwe_detection_00778","_rev":"_dVfOTlC--u","original_id":"285","name":"Improper Authorization","metadata":{"Method":"Automated Static Analysis","Description":"\n Automated static analysis is useful for detecting commonly-used idioms for authorization. A tool may be able to analyze related configuration files, such as .htaccess in Apache web servers, or detect the usage of commonly-used authorization libraries.\n Generally, automated static analysis tools have difficulty detecting custom authorization schemes. In addition, the software's design may include some functionality that is accessible to any user and does not require an authorization check; an automated technique that detects the absence of authorization may report false positives.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00779","_id":"cwe_detection/cwe_detection_00779","_rev":"_dVfOTlC--v","original_id":"285","name":"Improper Authorization","metadata":{"Method":"Automated Dynamic Analysis","Description":"Automated dynamic analysis may find many or all possible interfaces that do not require authorization, but manual analysis is required to determine if the lack of authorization violates business logic"},"datatype":"cwe_detection"},{"_key":"cwe_detection_00780","_id":"cwe_detection/cwe_detection_00780","_rev":"_dVfOTlC--w","original_id":"285","name":"Improper Authorization","metadata":{"Method":"Manual Analysis","Description":"\n This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.\n Specifically, manual static analysis is useful for evaluating the correctness of custom authorization mechanisms.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00781","_id":"cwe_detection/cwe_detection_00781","_rev":"_dVfOTlC--x","original_id":"285","name":"Improper Authorization","metadata":{"Method":"Manual Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00782","_id":"cwe_detection/cwe_detection_00782","_rev":"_dVfOTlC--y","original_id":"285","name":"Improper Authorization","metadata":{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Web Application Scanner\n Web Services Scanner\n Database Scanners\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00783","_id":"cwe_detection/cwe_detection_00783","_rev":"_dVfOTlC--z","original_id":"285","name":"Improper Authorization","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Host Application Interface Scanner\n Fuzz Tester\n Framework-based Fuzzer\n Forced Path Execution\n Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00784","_id":"cwe_detection/cwe_detection_00784","_rev":"_dVfOTlC--0","original_id":"285","name":"Improper Authorization","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n Manual Source Code Review (not inspections)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00785","_id":"cwe_detection/cwe_detection_00785","_rev":"_dVfOTlG---","original_id":"285","name":"Improper Authorization","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00786","_id":"cwe_detection/cwe_detection_00786","_rev":"_dVfOTlG--_","original_id":"285","name":"Improper Authorization","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Formal Methods / Correct-By-Construction\n \n \n Cost effective for partial coverage:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00788","_id":"cwe_detection/cwe_detection_00788","_rev":"_dVfOTlG--A","original_id":"287","name":"Improper Authentication","metadata":{"Method":"Automated Static Analysis","Description":"\n Automated static analysis is useful for detecting certain types of authentication. A tool may be able to analyze related configuration files, such as .htaccess in Apache web servers, or detect the usage of commonly-used authentication libraries.\n Generally, automated static analysis tools have difficulty detecting custom authentication schemes. In addition, the software's design may include some functionality that is accessible to any user and does not require an established identity; an automated technique that detects the absence of authentication may report false positives.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00789","_id":"cwe_detection/cwe_detection_00789","_rev":"_dVfOTlG--B","original_id":"287","name":"Improper Authentication","metadata":{"Method":"Manual Static Analysis","Description":"\n This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.\n Manual static analysis is useful for evaluating the correctness of custom authentication mechanisms.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00790","_id":"cwe_detection/cwe_detection_00790","_rev":"_dVfOTlG--C","original_id":"287","name":"Improper Authentication","metadata":{"Method":"Manual Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00791","_id":"cwe_detection/cwe_detection_00791","_rev":"_dVfOTlG--D","original_id":"287","name":"Improper Authentication","metadata":{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Web Application Scanner\n Web Services Scanner\n Database Scanners\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00792","_id":"cwe_detection/cwe_detection_00792","_rev":"_dVfOTlG--E","original_id":"287","name":"Improper Authentication","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Fuzz Tester\n Framework-based Fuzzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00793","_id":"cwe_detection/cwe_detection_00793","_rev":"_dVfOTlG--F","original_id":"287","name":"Improper Authentication","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Manual Source Code Review (not inspections)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00794","_id":"cwe_detection/cwe_detection_00794","_rev":"_dVfOTlG--G","original_id":"287","name":"Improper Authentication","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Source code Weakness Analyzer\n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00795","_id":"cwe_detection/cwe_detection_00795","_rev":"_dVfOTlG--H","original_id":"287","name":"Improper Authentication","metadata":{"Method":"Automated Static Analysis","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Configuration Checker\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00796","_id":"cwe_detection/cwe_detection_00796","_rev":"_dVfOTlG--I","original_id":"287","name":"Improper Authentication","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n Formal Methods / Correct-By-Construction\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00807","_id":"cwe_detection/cwe_detection_00807","_rev":"_dVfOTlG--J","original_id":"295","name":"Improper Certificate Validation","metadata":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Bytecode Weakness Analysis - including disassembler + source code weakness analysis\n Binary Weakness Analysis - including disassembler + source code weakness analysis\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00808","_id":"cwe_detection/cwe_detection_00808","_rev":"_dVfOTlG--K","original_id":"295","name":"Improper Certificate Validation","metadata":{"Method":"Manual Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00809","_id":"cwe_detection/cwe_detection_00809","_rev":"_dVfOTlG--L","original_id":"295","name":"Improper Certificate Validation","metadata":{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Web Application Scanner\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00810","_id":"cwe_detection/cwe_detection_00810","_rev":"_dVfOTlG--M","original_id":"295","name":"Improper Certificate Validation","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Man-in-the-middle attack tool\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00811","_id":"cwe_detection/cwe_detection_00811","_rev":"_dVfOTlG--N","original_id":"295","name":"Improper Certificate Validation","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n Manual Source Code Review (not inspections)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00812","_id":"cwe_detection/cwe_detection_00812","_rev":"_dVfOTlG--O","original_id":"295","name":"Improper Certificate Validation","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Source code Weakness Analyzer\n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00813","_id":"cwe_detection/cwe_detection_00813","_rev":"_dVfOTlG--P","original_id":"295","name":"Improper Certificate Validation","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00819","_id":"cwe_detection/cwe_detection_00819","_rev":"_dVfOTlG--Q","original_id":"297","name":"Improper Validation of Certificate with Host Mismatch","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"Set up an untrusted endpoint (e.g. a server) with which the software will connect. Create a test certificate that uses an invalid hostname but is signed by a trusted CA and provide this certificate from the untrusted endpoint. If the software performs any operations instead of disconnecting and reporting an error, then this indicates that the hostname is not being checked and the test certificate has been accepted."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00820","_id":"cwe_detection/cwe_detection_00820","_rev":"_dVfOTlG--R","original_id":"297","name":"Improper Validation of Certificate with Host Mismatch","metadata":{"Method":"Black Box","Description":"When Certificate Pinning is being used in a mobile application, consider using a tool such as Spinner [REF-955]. This methodology might be extensible to other technologies."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00835","_id":"cwe_detection/cwe_detection_00835","_rev":"_dVfOTlG--S","original_id":"306","name":"Missing Authentication for Critical Function","metadata":{"Method":"Manual Analysis","Description":"\n This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.\n Specifically, manual static analysis is useful for evaluating the correctness of custom authentication mechanisms.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00836","_id":"cwe_detection/cwe_detection_00836","_rev":"_dVfOTlG--T","original_id":"306","name":"Missing Authentication for Critical Function","metadata":{"Method":"Automated Static Analysis","Description":"\n Automated static analysis is useful for detecting commonly-used idioms for authentication. A tool may be able to analyze related configuration files, such as .htaccess in Apache web servers, or detect the usage of commonly-used authentication libraries.\n Generally, automated static analysis tools have difficulty detecting custom authentication schemes. In addition, the software's design may include some functionality that is accessible to any user and does not require an established identity; an automated technique that detects the absence of authentication may report false positives.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00837","_id":"cwe_detection/cwe_detection_00837","_rev":"_dVfOTlG--U","original_id":"306","name":"Missing Authentication for Critical Function","metadata":{"Method":"Manual Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00838","_id":"cwe_detection/cwe_detection_00838","_rev":"_dVfOTlG--V","original_id":"306","name":"Missing Authentication for Critical Function","metadata":{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Web Application Scanner\n Web Services Scanner\n Database Scanners\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00839","_id":"cwe_detection/cwe_detection_00839","_rev":"_dVfOTlG--W","original_id":"306","name":"Missing Authentication for Critical Function","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Host Application Interface Scanner\n Fuzz Tester\n Framework-based Fuzzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00840","_id":"cwe_detection/cwe_detection_00840","_rev":"_dVfOTlG--X","original_id":"306","name":"Missing Authentication for Critical Function","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n Manual Source Code Review (not inspections)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00841","_id":"cwe_detection/cwe_detection_00841","_rev":"_dVfOTlG--Y","original_id":"306","name":"Missing Authentication for Critical Function","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Source code Weakness Analyzer\n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00842","_id":"cwe_detection/cwe_detection_00842","_rev":"_dVfOTlG--Z","original_id":"306","name":"Missing Authentication for Critical Function","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n Formal Methods / Correct-By-Construction\n \n \n Cost effective for partial coverage:\n \n \n Attack Modeling\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00845","_id":"cwe_detection/cwe_detection_00845","_rev":"_dVfOTlG--a","original_id":"307","name":"Improper Restriction of Excessive Authentication Attempts","metadata":{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Web Application Scanner\n Web Services Scanner\n Database Scanners\n \n \n Cost effective for partial coverage:\n \n \n Host-based Vulnerability Scanners - Examine configuration for flaws, verifying that audit mechanisms work, ensure host configuration meets certain predefined criteria\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00846","_id":"cwe_detection/cwe_detection_00846","_rev":"_dVfOTlG--b","original_id":"307","name":"Improper Restriction of Excessive Authentication Attempts","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Fuzz Tester\n Framework-based Fuzzer\n \n \n Cost effective for partial coverage:\n \n \n Forced Path Execution\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00847","_id":"cwe_detection/cwe_detection_00847","_rev":"_dVfOTlG--c","original_id":"307","name":"Improper Restriction of Excessive Authentication Attempts","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n Manual Source Code Review (not inspections)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00848","_id":"cwe_detection/cwe_detection_00848","_rev":"_dVfOTlG--d","original_id":"307","name":"Improper Restriction of Excessive Authentication Attempts","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Source code Weakness Analyzer\n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00849","_id":"cwe_detection/cwe_detection_00849","_rev":"_dVfOTlG--e","original_id":"307","name":"Improper Restriction of Excessive Authentication Attempts","metadata":{"Method":"Automated Static Analysis","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Configuration Checker\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00850","_id":"cwe_detection/cwe_detection_00850","_rev":"_dVfOTlG--f","original_id":"307","name":"Improper Restriction of Excessive Authentication Attempts","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Formal Methods / Correct-By-Construction\n \n \n Cost effective for partial coverage:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00864","_id":"cwe_detection/cwe_detection_00864","_rev":"_dVfOTlG--g","original_id":"311","name":"Missing Encryption of Sensitive Data","metadata":{"Method":"Manual Analysis","Description":"The characterizaton of sensitive data often requires domain-specific understanding, so manual methods are useful. However, manual efforts might not achieve desired code coverage within limited time constraints. Black box methods may produce artifacts (e.g. stored data or unencrypted network transfer) that require manual evaluation."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00865","_id":"cwe_detection/cwe_detection_00865","_rev":"_dVfOTlG--h","original_id":"311","name":"Missing Encryption of Sensitive Data","metadata":{"Method":"Automated Analysis","Description":"Automated measurement of the entropy of an input/output source may indicate the use or lack of encryption, but human analysis is still required to distinguish intentionally-unencrypted data (e.g. metadata) from sensitive data."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00866","_id":"cwe_detection/cwe_detection_00866","_rev":"_dVfOTlG--i","original_id":"311","name":"Missing Encryption of Sensitive Data","metadata":{"Method":"Manual Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00867","_id":"cwe_detection/cwe_detection_00867","_rev":"_dVfOTlG--j","original_id":"311","name":"Missing Encryption of Sensitive Data","metadata":{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Web Application Scanner\n Web Services Scanner\n Database Scanners\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00868","_id":"cwe_detection/cwe_detection_00868","_rev":"_dVfOTlG--k","original_id":"311","name":"Missing Encryption of Sensitive Data","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Network Sniffer\n \n \n Cost effective for partial coverage:\n \n \n Fuzz Tester\n Framework-based Fuzzer\n Automated Monitored Execution\n Man-in-the-middle attack tool\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00869","_id":"cwe_detection/cwe_detection_00869","_rev":"_dVfOTlG--l","original_id":"311","name":"Missing Encryption of Sensitive Data","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n Manual Source Code Review (not inspections)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00870","_id":"cwe_detection/cwe_detection_00870","_rev":"_dVfOTlG--m","original_id":"311","name":"Missing Encryption of Sensitive Data","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00871","_id":"cwe_detection/cwe_detection_00871","_rev":"_dVfOTlG--n","original_id":"311","name":"Missing Encryption of Sensitive Data","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n Formal Methods / Correct-By-Construction\n \n \n Cost effective for partial coverage:\n \n \n Attack Modeling\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00876","_id":"cwe_detection/cwe_detection_00876","_rev":"_dVfOTlG--o","original_id":"319","name":"Cleartext Transmission of Sensitive Information","metadata":{"Method":"Black Box","Description":"\n Use monitoring tools that examine the software's process as it interacts with the operating system and the network. This technique is useful in cases when source code is unavailable, if the software was not developed by you, or if you want to verify that the build phase did not introduce any new weaknesses. Examples include debuggers that directly attach to the running process; system-call tracing utilities such as truss (Solaris) and strace (Linux); system activity monitors such as FileMon, RegMon, Process Monitor, and other Sysinternals utilities (Windows); and sniffers and protocol analyzers that monitor network traffic.\n Attach the monitor to the process, trigger the feature that sends the data, and look for the presence or absence of common cryptographic functions in the call tree. Monitor the network and determine if the data packets contain readable commands. Tools exist for detecting if certain encodings are in use. If the traffic contains high entropy, this might indicate the usage of encryption.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00889","_id":"cwe_detection/cwe_detection_00889","_rev":"_dVfOTlG--p","original_id":"327","name":"Use of a Broken or Risky Cryptographic Algorithm","metadata":{"Method":"Automated Analysis","Description":"Automated methods may be useful for recognizing commonly-used libraries or features that have become obsolete."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00890","_id":"cwe_detection/cwe_detection_00890","_rev":"_dVfOTlG--q","original_id":"327","name":"Use of a Broken or Risky Cryptographic Algorithm","metadata":{"Method":"Manual Analysis","Description":"This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00891","_id":"cwe_detection/cwe_detection_00891","_rev":"_dVfOTlG--r","original_id":"327","name":"Use of a Broken or Risky Cryptographic Algorithm","metadata":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Bytecode Weakness Analysis - including disassembler + source code weakness analysis\n Binary Weakness Analysis - including disassembler + source code weakness analysis\n Binary / Bytecode simple extractor - strings, ELF readers, etc.\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00892","_id":"cwe_detection/cwe_detection_00892","_rev":"_dVfOTlG--s","original_id":"327","name":"Use of a Broken or Risky Cryptographic Algorithm","metadata":{"Method":"Manual Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00893","_id":"cwe_detection/cwe_detection_00893","_rev":"_dVfOTlG--t","original_id":"327","name":"Use of a Broken or Risky Cryptographic Algorithm","metadata":{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Web Application Scanner\n Web Services Scanner\n Database Scanners\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00894","_id":"cwe_detection/cwe_detection_00894","_rev":"_dVfOTlG--u","original_id":"327","name":"Use of a Broken or Risky Cryptographic Algorithm","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Man-in-the-middle attack tool\n \n \n Cost effective for partial coverage:\n \n \n Framework-based Fuzzer\n Automated Monitored Execution\n Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00895","_id":"cwe_detection/cwe_detection_00895","_rev":"_dVfOTlG--v","original_id":"327","name":"Use of a Broken or Risky Cryptographic Algorithm","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Manual Source Code Review (not inspections)\n \n \n Cost effective for partial coverage:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00896","_id":"cwe_detection/cwe_detection_00896","_rev":"_dVfOTlG--w","original_id":"327","name":"Use of a Broken or Risky Cryptographic Algorithm","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Source code Weakness Analyzer\n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00897","_id":"cwe_detection/cwe_detection_00897","_rev":"_dVfOTlG--x","original_id":"327","name":"Use of a Broken or Risky Cryptographic Algorithm","metadata":{"Method":"Automated Static Analysis","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Configuration Checker\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00898","_id":"cwe_detection/cwe_detection_00898","_rev":"_dVfOTlG--y","original_id":"327","name":"Use of a Broken or Risky Cryptographic Algorithm","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Formal Methods / Correct-By-Construction\n \n \n Cost effective for partial coverage:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00906","_id":"cwe_detection/cwe_detection_00906","_rev":"_dVfOTlG--z","original_id":"330","name":"Use of Insufficiently Random Values","metadata":{"Method":"Black Box","Description":"\n Use monitoring tools that examine the software's process as it interacts with the operating system and the network. This technique is useful in cases when source code is unavailable, if the software was not developed by you, or if you want to verify that the build phase did not introduce any new weaknesses. Examples include debuggers that directly attach to the running process; system-call tracing utilities such as truss (Solaris) and strace (Linux); system activity monitors such as FileMon, RegMon, Process Monitor, and other Sysinternals utilities (Windows); and sniffers and protocol analyzers that monitor network traffic.\n Attach the monitor to the process and look for library functions that indicate when randomness is being used. Run the process multiple times to see if the seed changes. Look for accesses of devices or equivalent resources that are commonly used for strong (or weak) randomness, such as /dev/urandom on Linux. Look for library or system calls that access predictable information such as process IDs and system time.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00907","_id":"cwe_detection/cwe_detection_00907","_rev":"_dVfOTlG--0","original_id":"330","name":"Use of Insufficiently Random Values","metadata":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Bytecode Weakness Analysis - including disassembler + source code weakness analysis\n Binary Weakness Analysis - including disassembler + source code weakness analysis\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00908","_id":"cwe_detection/cwe_detection_00908","_rev":"_dVfOTlG--1","original_id":"330","name":"Use of Insufficiently Random Values","metadata":{"Method":"Manual Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00909","_id":"cwe_detection/cwe_detection_00909","_rev":"_dVfOTlG--2","original_id":"330","name":"Use of Insufficiently Random Values","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Man-in-the-middle attack tool\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00910","_id":"cwe_detection/cwe_detection_00910","_rev":"_dVfOTlG--3","original_id":"330","name":"Use of Insufficiently Random Values","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n Manual Source Code Review (not inspections)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00911","_id":"cwe_detection/cwe_detection_00911","_rev":"_dVfOTlG--4","original_id":"330","name":"Use of Insufficiently Random Values","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Source code Weakness Analyzer\n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00912","_id":"cwe_detection/cwe_detection_00912","_rev":"_dVfOTlG--5","original_id":"330","name":"Use of Insufficiently Random Values","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00945","_id":"cwe_detection/cwe_detection_00945","_rev":"_dVfOTlG--6","original_id":"352","name":"Cross-Site Request Forgery (CSRF)","metadata":{"Method":"Manual Analysis","Description":"\n This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.\n Specifically, manual analysis can be useful for finding this weakness, and for minimizing false positives assuming an understanding of business logic. However, it might not achieve desired code coverage within limited time constraints. For black-box analysis, if credentials are not known for privileged accounts, then the most security-critical portions of the application may not receive sufficient attention.\n Consider using OWASP CSRFTester to identify potential issues and aid in manual analysis.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00946","_id":"cwe_detection/cwe_detection_00946","_rev":"_dVfOTlG--7","original_id":"352","name":"Cross-Site Request Forgery (CSRF)","metadata":{"Method":"Automated Static Analysis","Description":"CSRF is currently difficult to detect reliably using automated techniques. This is because each application has its own implicit security policy that dictates which requests can be influenced by an outsider and automatically performed on behalf of a user, versus which requests require strong confidence that the user intends to make the request. For example, a keyword search of the public portion of a web site is typically expected to be encoded within a link that can be launched automatically when the user clicks on the link."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00947","_id":"cwe_detection/cwe_detection_00947","_rev":"_dVfOTlG--8","original_id":"352","name":"Cross-Site Request Forgery (CSRF)","metadata":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Bytecode Weakness Analysis - including disassembler + source code weakness analysis\n Binary Weakness Analysis - including disassembler + source code weakness analysis\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00948","_id":"cwe_detection/cwe_detection_00948","_rev":"_dVfOTlG--9","original_id":"352","name":"Cross-Site Request Forgery (CSRF)","metadata":{"Method":"Manual Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00949","_id":"cwe_detection/cwe_detection_00949","_rev":"_dVfOTlG-_-","original_id":"352","name":"Cross-Site Request Forgery (CSRF)","metadata":{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Web Application Scanner\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00950","_id":"cwe_detection/cwe_detection_00950","_rev":"_dVfOTlG-__","original_id":"352","name":"Cross-Site Request Forgery (CSRF)","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Fuzz Tester\n Framework-based Fuzzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00951","_id":"cwe_detection/cwe_detection_00951","_rev":"_dVfOTlG-_A","original_id":"352","name":"Cross-Site Request Forgery (CSRF)","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n Manual Source Code Review (not inspections)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00952","_id":"cwe_detection/cwe_detection_00952","_rev":"_dVfOTlG-_B","original_id":"352","name":"Cross-Site Request Forgery (CSRF)","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Source code Weakness Analyzer\n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00953","_id":"cwe_detection/cwe_detection_00953","_rev":"_dVfOTlG-_C","original_id":"352","name":"Cross-Site Request Forgery (CSRF)","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n Formal Methods / Correct-By-Construction\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00959","_id":"cwe_detection/cwe_detection_00959","_rev":"_dVfOTlG-_D","original_id":"359","name":"Exposure of Private Personal Information to an Unauthorized Actor","metadata":{"Method":"Architecture or Design Review","Description":"\n Private personal data can enter a program in a variety of ways:\n \n \n Directly from the user in the form of a password or personal information\n Accessed from a database or other data store by the application\n Indirectly from a partner or other third party\n \n If the data is written to an external location - such as the console, file system, or network - a privacy violation may occur.\n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00971","_id":"cwe_detection/cwe_detection_00971","_rev":"_dVfOTlG-_E","original_id":"362","name":"Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","metadata":{"Method":"Black Box","Description":"Black box methods may be able to identify evidence of race conditions via methods such as multiple simultaneous connections, which may cause the software to become instable or crash. However, race conditions with very narrow timing windows would not be detectable."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00972","_id":"cwe_detection/cwe_detection_00972","_rev":"_dVfOTlG-_F","original_id":"362","name":"Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","metadata":{"Method":"White Box","Description":"Common idioms are detectable in white box analysis, such as time-of-check-time-of-use (TOCTOU) file operations (CWE-367), or double-checked locking (CWE-609)."},"datatype":"cwe_detection"},{"_key":"cwe_detection_00973","_id":"cwe_detection/cwe_detection_00973","_rev":"_dVfOTlG-_G","original_id":"362","name":"Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","metadata":{"Method":"Automated Dynamic Analysis","Description":"\n This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software's operation may slow down, but it should not become unstable, crash, or generate incorrect results.\n Race conditions may be detected with a stress-test by calling the software simultaneously from a large number of threads or processes, and look for evidence of any unexpected behavior.\n Insert breakpoints or delays in between relevant code statements to artificially expand the race window so that it will be easier to detect.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00974","_id":"cwe_detection/cwe_detection_00974","_rev":"_dVfOTlK---","original_id":"362","name":"Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","metadata":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Bytecode Weakness Analysis - including disassembler + source code weakness analysis\n \n \n Cost effective for partial coverage:\n \n \n Binary Weakness Analysis - including disassembler + source code weakness analysis\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00975","_id":"cwe_detection/cwe_detection_00975","_rev":"_dVfOTlK--_","original_id":"362","name":"Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","metadata":{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Web Application Scanner\n Web Services Scanner\n Database Scanners\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00976","_id":"cwe_detection/cwe_detection_00976","_rev":"_dVfOTlK--A","original_id":"362","name":"Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Framework-based Fuzzer\n \n \n Cost effective for partial coverage:\n \n \n Fuzz Tester\n Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00977","_id":"cwe_detection/cwe_detection_00977","_rev":"_dVfOTlK--B","original_id":"362","name":"Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Manual Source Code Review (not inspections)\n \n \n Cost effective for partial coverage:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00978","_id":"cwe_detection/cwe_detection_00978","_rev":"_dVfOTlK--C","original_id":"362","name":"Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Source code Weakness Analyzer\n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_00979","_id":"cwe_detection/cwe_detection_00979","_rev":"_dVfOTlK--D","original_id":"362","name":"Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Formal Methods / Correct-By-Construction\n \n \n Cost effective for partial coverage:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01021","_id":"cwe_detection/cwe_detection_01021","_rev":"_dVfOTlK--E","original_id":"395","name":"Use of NullPointerException Catch to Detect NULL Pointer Dereference","metadata":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Bytecode Weakness Analysis - including disassembler + source code weakness analysis\n Binary Weakness Analysis - including disassembler + source code weakness analysis\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01022","_id":"cwe_detection/cwe_detection_01022","_rev":"_dVfOTlK--F","original_id":"395","name":"Use of NullPointerException Catch to Detect NULL Pointer Dereference","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Framework-based Fuzzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01023","_id":"cwe_detection/cwe_detection_01023","_rev":"_dVfOTlK--G","original_id":"395","name":"Use of NullPointerException Catch to Detect NULL Pointer Dereference","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Manual Source Code Review (not inspections)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01024","_id":"cwe_detection/cwe_detection_01024","_rev":"_dVfOTlK--H","original_id":"395","name":"Use of NullPointerException Catch to Detect NULL Pointer Dereference","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Source code Weakness Analyzer\n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01025","_id":"cwe_detection/cwe_detection_01025","_rev":"_dVfOTlK--I","original_id":"395","name":"Use of NullPointerException Catch to Detect NULL Pointer Dereference","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Formal Methods / Correct-By-Construction\n \n \n Cost effective for partial coverage:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01030","_id":"cwe_detection/cwe_detection_01030","_rev":"_dVfOTlK--J","original_id":"400","name":"Uncontrolled Resource Consumption","metadata":{"Method":"Automated Static Analysis","Description":"\n Automated static analysis typically has limited utility in recognizing resource exhaustion problems, except for program-independent system resources such as files, sockets, and processes. For system resources, automated static analysis may be able to detect circumstances in which resources are not released after they have expired. Automated analysis of configuration files may be able to detect settings that do not specify a maximum value.\n Automated static analysis tools will not be appropriate for detecting exhaustion of custom resources, such as an intended security policy in which a bulletin board user is only allowed to make a limited number of posts per day.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01031","_id":"cwe_detection/cwe_detection_01031","_rev":"_dVfOTlK--K","original_id":"400","name":"Uncontrolled Resource Consumption","metadata":{"Method":"Automated Dynamic Analysis","Description":"Certain automated dynamic analysis techniques may be effective in spotting resource exhaustion problems, especially with resources such as processes, memory, and connections. The technique may involve generating a large number of requests to the software within a short time frame."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01032","_id":"cwe_detection/cwe_detection_01032","_rev":"_dVfOTlK--L","original_id":"400","name":"Uncontrolled Resource Consumption","metadata":{"Method":"Fuzzing","Description":"While fuzzing is typically geared toward finding low-level implementation bugs, it can inadvertently find resource exhaustion problems. This can occur when the fuzzer generates a large number of test cases but does not restart the targeted software in between test cases. If an individual test case produces a crash, but it does not do so reliably, then an inability to handle resource exhaustion may be the cause."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01040","_id":"cwe_detection/cwe_detection_01040","_rev":"_dVfOTlK--M","original_id":"404","name":"Improper Resource Shutdown or Release","metadata":{"Method":"Automated Dynamic Analysis","Description":"\n This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software's operation may slow down, but it should not become unstable, crash, or generate incorrect results.\n Resource clean up errors might be detected with a stress-test by calling the software simultaneously from a large number of threads or processes, and look for evidence of any unexpected behavior. The software's operation may slow down, but it should not become unstable, crash, or generate incorrect results.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01041","_id":"cwe_detection/cwe_detection_01041","_rev":"_dVfOTlK--N","original_id":"404","name":"Improper Resource Shutdown or Release","metadata":{"Method":"Manual Dynamic Analysis","Description":"Identify error conditions that are not likely to occur during normal usage and trigger them. For example, run the program under low memory conditions, run with insufficient privileges or permissions, interrupt a transaction before it is completed, or disable connectivity to basic network services such as DNS. Monitor the software for any unexpected behavior. If you trigger an unhandled exception or similar error that was discovered and handled by the application's environment, it may still indicate unexpected conditions that were not handled by the application itself."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01055","_id":"cwe_detection/cwe_detection_01055","_rev":"_dVfOTlK--O","original_id":"412","name":"Unrestricted Externally Accessible Lock","metadata":{"Method":"White Box","Description":"Automated code analysis techniques might not be able to reliably detect this weakness, since the application's behavior and general security model dictate which resource locks are critical. Interpretation of the weakness might require knowledge of the environment, e.g. if the existence of a file is used as a lock, but the file is created in a world-writable directory."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01076","_id":"cwe_detection/cwe_detection_01076","_rev":"_dVfOTlK--P","original_id":"426","name":"Untrusted Search Path","metadata":{"Method":"Black Box","Description":"\n Use monitoring tools that examine the software's process as it interacts with the operating system and the network. This technique is useful in cases when source code is unavailable, if the software was not developed by you, or if you want to verify that the build phase did not introduce any new weaknesses. Examples include debuggers that directly attach to the running process; system-call tracing utilities such as truss (Solaris) and strace (Linux); system activity monitors such as FileMon, RegMon, Process Monitor, and other Sysinternals utilities (Windows); and sniffers and protocol analyzers that monitor network traffic.\n Attach the monitor to the process and look for library functions and system calls that suggest when a search path is being used. One pattern is when the program performs multiple accesses of the same file but in different directories, with repeated failures until the proper filename is found. Library calls such as getenv() or their equivalent can be checked to see if any path-related variables are being accessed.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01077","_id":"cwe_detection/cwe_detection_01077","_rev":"_dVfOTlK--Q","original_id":"426","name":"Untrusted Search Path","metadata":{"Method":"Automated Static Analysis","Description":"Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01078","_id":"cwe_detection/cwe_detection_01078","_rev":"_dVfOTlK--R","original_id":"426","name":"Untrusted Search Path","metadata":{"Method":"Manual Analysis","Description":"Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01106","_id":"cwe_detection/cwe_detection_01106","_rev":"_dVfOTlK--S","original_id":"434","name":"Unrestricted Upload of File with Dangerous Type","metadata":{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Web Application Scanner\n Web Services Scanner\n Database Scanners\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01107","_id":"cwe_detection/cwe_detection_01107","_rev":"_dVfOTlK--T","original_id":"434","name":"Unrestricted Upload of File with Dangerous Type","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Fuzz Tester\n Framework-based Fuzzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01108","_id":"cwe_detection/cwe_detection_01108","_rev":"_dVfOTlK--U","original_id":"434","name":"Unrestricted Upload of File with Dangerous Type","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n Manual Source Code Review (not inspections)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01109","_id":"cwe_detection/cwe_detection_01109","_rev":"_dVfOTlK--V","original_id":"434","name":"Unrestricted Upload of File with Dangerous Type","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Source code Weakness Analyzer\n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01110","_id":"cwe_detection/cwe_detection_01110","_rev":"_dVfOTlK--W","original_id":"434","name":"Unrestricted Upload of File with Dangerous Type","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Formal Methods / Correct-By-Construction\n \n \n Cost effective for partial coverage:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01165","_id":"cwe_detection/cwe_detection_01165","_rev":"_dVfOTlK--X","original_id":"476","name":"NULL Pointer Dereference","metadata":{"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software's operation may slow down, but it should not become unstable, crash, or generate incorrect results."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01166","_id":"cwe_detection/cwe_detection_01166","_rev":"_dVfOTlK--Y","original_id":"476","name":"NULL Pointer Dereference","metadata":{"Method":"Manual Dynamic Analysis","Description":"Identify error conditions that are not likely to occur during normal usage and trigger them. For example, run the program under low memory conditions, run with insufficient privileges or permissions, interrupt a transaction before it is completed, or disable connectivity to basic network services such as DNS. Monitor the software for any unexpected behavior. If you trigger an unhandled exception or similar error that was discovered and handled by the application's environment, it may still indicate unexpected conditions that were not handled by the application itself."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01169","_id":"cwe_detection/cwe_detection_01169","_rev":"_dVfOTlK--Z","original_id":"477","name":"Use of Obsolete Function","metadata":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Binary / Bytecode Quality Analysis\n \n \n Cost effective for partial coverage:\n \n \n Bytecode Weakness Analysis - including disassembler + source code weakness analysis\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01170","_id":"cwe_detection/cwe_detection_01170","_rev":"_dVfOTlK--a","original_id":"477","name":"Use of Obsolete Function","metadata":{"Method":"Manual Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01171","_id":"cwe_detection/cwe_detection_01171","_rev":"_dVfOTlK--b","original_id":"477","name":"Use of Obsolete Function","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Debugger\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01172","_id":"cwe_detection/cwe_detection_01172","_rev":"_dVfOTlK--c","original_id":"477","name":"Use of Obsolete Function","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Manual Source Code Review (not inspections)\n \n \n Cost effective for partial coverage:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01173","_id":"cwe_detection/cwe_detection_01173","_rev":"_dVfOTlK--d","original_id":"477","name":"Use of Obsolete Function","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Source Code Quality Analyzer\n Source code Weakness Analyzer\n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01174","_id":"cwe_detection/cwe_detection_01174","_rev":"_dVfOTlK--e","original_id":"477","name":"Use of Obsolete Function","metadata":{"Method":"Automated Static Analysis","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Origin Analysis\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01175","_id":"cwe_detection/cwe_detection_01175","_rev":"_dVfOTlK--f","original_id":"477","name":"Use of Obsolete Function","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Formal Methods / Correct-By-Construction\n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01182","_id":"cwe_detection/cwe_detection_01182","_rev":"_dVfOTlK--g","original_id":"480","name":"Use of Incorrect Operator","metadata":{"Method":"Automated Static Analysis","Description":"This weakness can be found easily using static analysis. However in some cases an operator might appear to be incorrect, but is actually correct and reflects unusual logic within the program."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01183","_id":"cwe_detection/cwe_detection_01183","_rev":"_dVfOTlK--h","original_id":"480","name":"Use of Incorrect Operator","metadata":{"Method":"Manual Static Analysis","Description":"This weakness can be found easily using static analysis. However in some cases an operator might appear to be incorrect, but is actually correct and reflects unusual logic within the program."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01190","_id":"cwe_detection/cwe_detection_01190","_rev":"_dVfOTlK--i","original_id":"484","name":"Omitted Break Statement in Switch","metadata":{"Method":"White Box","Description":"Omission of a break statement might be intentional, in order to support fallthrough. Automated detection methods might therefore be erroneous. Semantic understanding of expected program behavior is required to interpret whether the code is correct."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01191","_id":"cwe_detection/cwe_detection_01191","_rev":"_dVfOTlK--j","original_id":"484","name":"Omitted Break Statement in Switch","metadata":{"Method":"Black Box","Description":"Since this weakness is associated with a code construct, it would be indistinguishable from other errors that produce the same behavior."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01207","_id":"cwe_detection/cwe_detection_01207","_rev":"_dVfOTlK--k","original_id":"494","name":"Download of Code Without Integrity Check","metadata":{"Method":"Manual Analysis","Description":"\n This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.\n Specifically, manual static analysis is typically required to find the behavior that triggers the download of code, and to determine whether integrity-checking methods are in use.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01208","_id":"cwe_detection/cwe_detection_01208","_rev":"_dVfOTlK--l","original_id":"494","name":"Download of Code Without Integrity Check","metadata":{"Method":"Black Box","Description":"\n Use monitoring tools that examine the software's process as it interacts with the operating system and the network. This technique is useful in cases when source code is unavailable, if the software was not developed by you, or if you want to verify that the build phase did not introduce any new weaknesses. Examples include debuggers that directly attach to the running process; system-call tracing utilities such as truss (Solaris) and strace (Linux); system activity monitors such as FileMon, RegMon, Process Monitor, and other Sysinternals utilities (Windows); and sniffers and protocol analyzers that monitor network traffic.\n Attach the monitor to the process and also sniff the network connection. Trigger features related to product updates or plugin installation, which is likely to force a code download. Monitor when files are downloaded and separately executed, or if they are otherwise read back into the process. Look for evidence of cryptographic library calls that use integrity checking.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01225","_id":"cwe_detection/cwe_detection_01225","_rev":"_dVfOTlK--m","original_id":"506","name":"Embedded Malicious Code","metadata":{"Method":"Manual Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies\n Generated Code Inspection\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01226","_id":"cwe_detection/cwe_detection_01226","_rev":"_dVfOTlK--n","original_id":"506","name":"Embedded Malicious Code","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Automated Monitored Execution\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01227","_id":"cwe_detection/cwe_detection_01227","_rev":"_dVfOTlK--o","original_id":"506","name":"Embedded Malicious Code","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Manual Source Code Review (not inspections)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01228","_id":"cwe_detection/cwe_detection_01228","_rev":"_dVfOTlK--p","original_id":"506","name":"Embedded Malicious Code","metadata":{"Method":"Automated Static Analysis","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Origin Analysis\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01237","_id":"cwe_detection/cwe_detection_01237","_rev":"_dVfOTlK--q","original_id":"510","name":"Trapdoor","metadata":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Inter-application Flow Analysis\n Binary / Bytecode simple extractor - strings, ELF readers, etc.\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01238","_id":"cwe_detection/cwe_detection_01238","_rev":"_dVfOTlK--r","original_id":"510","name":"Trapdoor","metadata":{"Method":"Manual Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies\n Generated Code Inspection\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01239","_id":"cwe_detection/cwe_detection_01239","_rev":"_dVfOTlK--s","original_id":"510","name":"Trapdoor","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Automated Monitored Execution\n Forced Path Execution\n Debugger\n Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01240","_id":"cwe_detection/cwe_detection_01240","_rev":"_dVfOTlK--t","original_id":"510","name":"Trapdoor","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Manual Source Code Review (not inspections)\n \n \n Cost effective for partial coverage:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01241","_id":"cwe_detection/cwe_detection_01241","_rev":"_dVfOTlK--u","original_id":"510","name":"Trapdoor","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01242","_id":"cwe_detection/cwe_detection_01242","_rev":"_dVfOTlK--v","original_id":"510","name":"Trapdoor","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n \n \n Cost effective for partial coverage:\n \n \n Formal Methods / Correct-By-Construction\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01247","_id":"cwe_detection/cwe_detection_01247","_rev":"_dVfOTlK--w","original_id":"514","name":"Covert Channel","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01301","_id":"cwe_detection/cwe_detection_01301","_rev":"_dVfOTlK--x","original_id":"561","name":"Dead Code","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n Formal Methods / Correct-By-Construction\n \n \n Cost effective for partial coverage:\n \n \n Attack Modeling\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01302","_id":"cwe_detection/cwe_detection_01302","_rev":"_dVfOTlK--y","original_id":"561","name":"Dead Code","metadata":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Binary / Bytecode Quality Analysis\n Compare binary / bytecode to application permission manifest\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01303","_id":"cwe_detection/cwe_detection_01303","_rev":"_dVfOTlK--z","original_id":"561","name":"Dead Code","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Automated Monitored Execution\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01304","_id":"cwe_detection/cwe_detection_01304","_rev":"_dVfOTlK--0","original_id":"561","name":"Dead Code","metadata":{"Method":"Automated Static Analysis","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Permission Manifest Analysis\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01305","_id":"cwe_detection/cwe_detection_01305","_rev":"_dVfOTlK--1","original_id":"561","name":"Dead Code","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Source Code Quality Analyzer\n \n \n Cost effective for partial coverage:\n \n \n Warning Flags\n Source code Weakness Analyzer\n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01306","_id":"cwe_detection/cwe_detection_01306","_rev":"_dVfOTlK--2","original_id":"561","name":"Dead Code","metadata":{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Web Application Scanner\n Web Services Scanner\n Database Scanners\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01307","_id":"cwe_detection/cwe_detection_01307","_rev":"_dVfOTlK--3","original_id":"561","name":"Dead Code","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Manual Source Code Review (not inspections)\n \n \n Cost effective for partial coverage:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01370","_id":"cwe_detection/cwe_detection_01370","_rev":"_dVfOTlK--4","original_id":"601","name":"URL Redirection to Untrusted Site ('Open Redirect')","metadata":{"Method":"Manual Static Analysis","Description":"Since this weakness does not typically appear frequently within a single software package, manual white box techniques may be able to provide sufficient code coverage and reduction of false positives if all potentially-vulnerable operations can be assessed within limited time constraints."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01371","_id":"cwe_detection/cwe_detection_01371","_rev":"_dVfOTlK--5","original_id":"601","name":"URL Redirection to Untrusted Site ('Open Redirect')","metadata":{"Method":"Automated Dynamic Analysis","Description":"Automated black box tools that supply URLs to every input may be able to spot Location header modifications, but test case coverage is a factor, and custom redirects may not be detected."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01372","_id":"cwe_detection/cwe_detection_01372","_rev":"_dVfOTlK--6","original_id":"601","name":"URL Redirection to Untrusted Site ('Open Redirect')","metadata":{"Method":"Automated Static Analysis","Description":"Automated static analysis tools may not be able to determine whether input influences the beginning of a URL, which is important for reducing false positives."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01373","_id":"cwe_detection/cwe_detection_01373","_rev":"_dVfOTlK--7","original_id":"601","name":"URL Redirection to Untrusted Site ('Open Redirect')","metadata":{"Method":"Other","Description":"Whether this issue poses a vulnerability will be subject to the intended behavior of the application. For example, a search engine might intentionally provide redirects to arbitrary URLs."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01374","_id":"cwe_detection/cwe_detection_01374","_rev":"_dVfOTlK--8","original_id":"601","name":"URL Redirection to Untrusted Site ('Open Redirect')","metadata":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Bytecode Weakness Analysis - including disassembler + source code weakness analysis\n Binary Weakness Analysis - including disassembler + source code weakness analysis\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01375","_id":"cwe_detection/cwe_detection_01375","_rev":"_dVfOTlO---","original_id":"601","name":"URL Redirection to Untrusted Site ('Open Redirect')","metadata":{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Web Application Scanner\n Web Services Scanner\n Database Scanners\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01376","_id":"cwe_detection/cwe_detection_01376","_rev":"_dVfOTlO--_","original_id":"601","name":"URL Redirection to Untrusted Site ('Open Redirect')","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Fuzz Tester\n Framework-based Fuzzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01377","_id":"cwe_detection/cwe_detection_01377","_rev":"_dVfOTlO--A","original_id":"601","name":"URL Redirection to Untrusted Site ('Open Redirect')","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Manual Source Code Review (not inspections)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01378","_id":"cwe_detection/cwe_detection_01378","_rev":"_dVfOTlO--B","original_id":"601","name":"URL Redirection to Untrusted Site ('Open Redirect')","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Source code Weakness Analyzer\n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01379","_id":"cwe_detection/cwe_detection_01379","_rev":"_dVfOTlO--C","original_id":"601","name":"URL Redirection to Untrusted Site ('Open Redirect')","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Formal Methods / Correct-By-Construction\n \n \n Cost effective for partial coverage:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01421","_id":"cwe_detection/cwe_detection_01421","_rev":"_dVfOTlO--D","original_id":"628","name":"Function Call with Incorrectly Specified Arguments","metadata":{"Method":"Other","Description":"Since these bugs typically introduce incorrect behavior that is obvious to users, they are found quickly, unless they occur in rarely-tested code paths. Managing the correct number of arguments can be made more difficult in cases where format strings are used, or when variable numbers of arguments are supported."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01474","_id":"cwe_detection/cwe_detection_01474","_rev":"_dVfOTlO--E","original_id":"653","name":"Improper Isolation or Compartmentalization","metadata":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Compare binary / bytecode to application permission manifest\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01475","_id":"cwe_detection/cwe_detection_01475","_rev":"_dVfOTlO--F","original_id":"653","name":"Improper Isolation or Compartmentalization","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Manual Source Code Review (not inspections)\n \n \n Cost effective for partial coverage:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01476","_id":"cwe_detection/cwe_detection_01476","_rev":"_dVfOTlO--G","original_id":"653","name":"Improper Isolation or Compartmentalization","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n Formal Methods / Correct-By-Construction\n \n \n Cost effective for partial coverage:\n \n \n Attack Modeling\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01495","_id":"cwe_detection/cwe_detection_01495","_rev":"_dVfOTlO--H","original_id":"665","name":"Improper Initialization","metadata":{"Method":"Automated Dynamic Analysis","Description":"\n This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software's operation may slow down, but it should not become unstable, crash, or generate incorrect results.\n Initialization problems may be detected with a stress-test by calling the software simultaneously from a large number of threads or processes, and look for evidence of any unexpected behavior. The software's operation may slow down, but it should not become unstable, crash, or generate incorrect results.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01496","_id":"cwe_detection/cwe_detection_01496","_rev":"_dVfOTlO--I","original_id":"665","name":"Improper Initialization","metadata":{"Method":"Manual Dynamic Analysis","Description":"Identify error conditions that are not likely to occur during normal usage and trigger them. For example, run the program under low memory conditions, run with insufficient privileges or permissions, interrupt a transaction before it is completed, or disable connectivity to basic network services such as DNS. Monitor the software for any unexpected behavior. If you trigger an unhandled exception or similar error that was discovered and handled by the application's environment, it may still indicate unexpected conditions that were not handled by the application itself."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01502","_id":"cwe_detection/cwe_detection_01502","_rev":"_dVfOTlO--J","original_id":"676","name":"Use of Potentially Dangerous Function","metadata":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Bytecode Weakness Analysis - including disassembler + source code weakness analysis\n Binary Weakness Analysis - including disassembler + source code weakness analysis\n \n \n Cost effective for partial coverage:\n \n \n Binary / Bytecode Quality Analysis\n Binary / Bytecode simple extractor - strings, ELF readers, etc.\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01503","_id":"cwe_detection/cwe_detection_01503","_rev":"_dVfOTlO--K","original_id":"676","name":"Use of Potentially Dangerous Function","metadata":{"Method":"Manual Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01504","_id":"cwe_detection/cwe_detection_01504","_rev":"_dVfOTlO--L","original_id":"676","name":"Use of Potentially Dangerous Function","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Debugger\n \n \n Cost effective for partial coverage:\n \n \n Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01505","_id":"cwe_detection/cwe_detection_01505","_rev":"_dVfOTlO--M","original_id":"676","name":"Use of Potentially Dangerous Function","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Manual Source Code Review (not inspections)\n \n \n Cost effective for partial coverage:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01506","_id":"cwe_detection/cwe_detection_01506","_rev":"_dVfOTlO--N","original_id":"676","name":"Use of Potentially Dangerous Function","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Source code Weakness Analyzer\n Context-configured Source Code Weakness Analyzer\n \n \n Cost effective for partial coverage:\n \n \n Warning Flags\n Source Code Quality Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01507","_id":"cwe_detection/cwe_detection_01507","_rev":"_dVfOTlO--O","original_id":"676","name":"Use of Potentially Dangerous Function","metadata":{"Method":"Automated Static Analysis","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Origin Analysis\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01508","_id":"cwe_detection/cwe_detection_01508","_rev":"_dVfOTlO--P","original_id":"676","name":"Use of Potentially Dangerous Function","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Formal Methods / Correct-By-Construction\n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01518","_id":"cwe_detection/cwe_detection_01518","_rev":"_dVfOTlO--Q","original_id":"682","name":"Incorrect Calculation","metadata":{"Method":"Manual Analysis","Description":"\n This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.\n Specifically, manual static analysis is useful for evaluating the correctness of allocation calculations. This can be useful for detecting overflow conditions (CWE-190) or similar weaknesses that might have serious security impacts on the program.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01523","_id":"cwe_detection/cwe_detection_01523","_rev":"_dVfOTlO--R","original_id":"685","name":"Function Call With Incorrect Number of Arguments","metadata":{"Method":"Other","Description":"While this weakness might be caught by the compiler in some languages, it can occur more frequently in cases in which the called function accepts variable numbers of arguments, such as format strings in C. It also can occur in languages or environments that do not require that functions always be called with the correct number of arguments, such as Perl."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01525","_id":"cwe_detection/cwe_detection_01525","_rev":"_dVfOTlO--S","original_id":"687","name":"Function Call With Incorrectly Specified Argument Value","metadata":{"Method":"Manual Static Analysis","Description":"This might require an understanding of intended program behavior or design to determine whether the value is incorrect."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01527","_id":"cwe_detection/cwe_detection_01527","_rev":"_dVfOTlO--T","original_id":"688","name":"Function Call With Incorrect Variable or Reference as Argument","metadata":{"Method":"Other","Description":"While this weakness might be caught by the compiler in some languages, it can occur more frequently in cases in which the called function accepts variable numbers of arguments, such as format strings in C. It also can occur in loosely typed languages or environments. This might require an understanding of intended program behavior or design to determine whether the value is incorrect."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01528","_id":"cwe_detection/cwe_detection_01528","_rev":"_dVfOTlO--U","original_id":"690","name":"Unchecked Return Value to NULL Pointer Dereference","metadata":{"Method":"Black Box","Description":"This typically occurs in rarely-triggered error conditions, reducing the chances of detection during black box testing."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01529","_id":"cwe_detection/cwe_detection_01529","_rev":"_dVfOTlO--V","original_id":"690","name":"Unchecked Return Value to NULL Pointer Dereference","metadata":{"Method":"White Box","Description":"Code analysis can require knowledge of API behaviors for library functions that might return NULL, reducing the chances of detection when unknown libraries are used."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01531","_id":"cwe_detection/cwe_detection_01531","_rev":"_dVfOTlO--W","original_id":"698","name":"Execution After Redirect (EAR)","metadata":{"Method":"Black Box","Description":"This issue might not be detected if testing is performed using a web browser, because the browser might obey the redirect and move the user to a different page before the application has produced outputs that indicate something is amiss."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01532","_id":"cwe_detection/cwe_detection_01532","_rev":"_dVfOTlO--X","original_id":"703","name":"Improper Check or Handling of Exceptional Conditions","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Fault Injection - source code\n Fault Injection - binary\n \n \n Cost effective for partial coverage:\n \n \n Forced Path Execution\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01533","_id":"cwe_detection/cwe_detection_01533","_rev":"_dVfOTlO--Y","original_id":"703","name":"Improper Check or Handling of Exceptional Conditions","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Manual Source Code Review (not inspections)\n \n \n Cost effective for partial coverage:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01534","_id":"cwe_detection/cwe_detection_01534","_rev":"_dVfOTlO--Z","original_id":"703","name":"Improper Check or Handling of Exceptional Conditions","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Source code Weakness Analyzer\n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01535","_id":"cwe_detection/cwe_detection_01535","_rev":"_dVfOTlO--a","original_id":"703","name":"Improper Check or Handling of Exceptional Conditions","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n Formal Methods / Correct-By-Construction\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01548","_id":"cwe_detection/cwe_detection_01548","_rev":"_dVfOTlO--b","original_id":"732","name":"Incorrect Permission Assignment for Critical Resource","metadata":{"Method":"Automated Static Analysis","Description":"\n Automated static analysis may be effective in detecting permission problems for system resources such as files, directories, shared memory, device interfaces, etc. Automated techniques may be able to detect the use of library functions that modify permissions, then analyze function calls for arguments that contain potentially insecure values.\n However, since the software's intended security policy might allow loose permissions for certain operations (such as publishing a file on a web server), automated static analysis may produce some false positives - i.e., warnings that do not have any security consequences or require any code changes.\n When custom permissions models are used - such as defining who can read messages in a particular forum in a bulletin board system - these can be difficult to detect using automated static analysis. It may be possible to define custom signatures that identify any custom functions that implement the permission checks and assignments.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01549","_id":"cwe_detection/cwe_detection_01549","_rev":"_dVfOTlO--c","original_id":"732","name":"Incorrect Permission Assignment for Critical Resource","metadata":{"Method":"Automated Dynamic Analysis","Description":"\n Automated dynamic analysis may be effective in detecting permission problems for system resources such as files, directories, shared memory, device interfaces, etc.\n However, since the software's intended security policy might allow loose permissions for certain operations (such as publishing a file on a web server), automated dynamic analysis may produce some false positives - i.e., warnings that do not have any security consequences or require any code changes.\n When custom permissions models are used - such as defining who can read messages in a particular forum in a bulletin board system - these can be difficult to detect using automated dynamic analysis. It may be possible to define custom signatures that identify any custom functions that implement the permission checks and assignments.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01550","_id":"cwe_detection/cwe_detection_01550","_rev":"_dVfOTlO--d","original_id":"732","name":"Incorrect Permission Assignment for Critical Resource","metadata":{"Method":"Manual Analysis","Description":"This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01551","_id":"cwe_detection/cwe_detection_01551","_rev":"_dVfOTlO--e","original_id":"732","name":"Incorrect Permission Assignment for Critical Resource","metadata":{"Method":"Manual Static Analysis","Description":"Manual static analysis may be effective in detecting the use of custom permissions models and functions. The code could then be examined to identifying usage of the related functions. Then the human analyst could evaluate permission assignments in the context of the intended security model of the software."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01552","_id":"cwe_detection/cwe_detection_01552","_rev":"_dVfOTlO--f","original_id":"732","name":"Incorrect Permission Assignment for Critical Resource","metadata":{"Method":"Manual Dynamic Analysis","Description":"Manual dynamic analysis may be effective in detecting the use of custom permissions models and functions. The program could then be executed with a focus on exercising code paths that are related to the custom permissions. Then the human analyst could evaluate permission assignments in the context of the intended security model of the software."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01553","_id":"cwe_detection/cwe_detection_01553","_rev":"_dVfOTlO--g","original_id":"732","name":"Incorrect Permission Assignment for Critical Resource","metadata":{"Method":"Fuzzing","Description":"Fuzzing is not effective in detecting this weakness."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01554","_id":"cwe_detection/cwe_detection_01554","_rev":"_dVfOTlO--h","original_id":"732","name":"Incorrect Permission Assignment for Critical Resource","metadata":{"Method":"Black Box","Description":"\n Use monitoring tools that examine the software's process as it interacts with the operating system and the network. This technique is useful in cases when source code is unavailable, if the software was not developed by you, or if you want to verify that the build phase did not introduce any new weaknesses. Examples include debuggers that directly attach to the running process; system-call tracing utilities such as truss (Solaris) and strace (Linux); system activity monitors such as FileMon, RegMon, Process Monitor, and other Sysinternals utilities (Windows); and sniffers and protocol analyzers that monitor network traffic.\n Attach the monitor to the process and watch for library functions or system calls on OS resources such as files, directories, and shared memory. Examine the arguments to these calls to infer which permissions are being used.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01555","_id":"cwe_detection/cwe_detection_01555","_rev":"_dVfOTlO--i","original_id":"732","name":"Incorrect Permission Assignment for Critical Resource","metadata":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Inter-application Flow Analysis\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01556","_id":"cwe_detection/cwe_detection_01556","_rev":"_dVfOTlO--j","original_id":"732","name":"Incorrect Permission Assignment for Critical Resource","metadata":{"Method":"Manual Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01557","_id":"cwe_detection/cwe_detection_01557","_rev":"_dVfOTlO--k","original_id":"732","name":"Incorrect Permission Assignment for Critical Resource","metadata":{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Host-based Vulnerability Scanners - Examine configuration for flaws, verifying that audit mechanisms work, ensure host configuration meets certain predefined criteria\n Web Application Scanner\n Web Services Scanner\n Database Scanners\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01558","_id":"cwe_detection/cwe_detection_01558","_rev":"_dVfOTlO--l","original_id":"732","name":"Incorrect Permission Assignment for Critical Resource","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Host Application Interface Scanner\n \n \n Cost effective for partial coverage:\n \n \n Fuzz Tester\n Framework-based Fuzzer\n Automated Monitored Execution\n Forced Path Execution\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01559","_id":"cwe_detection/cwe_detection_01559","_rev":"_dVfOTlO--m","original_id":"732","name":"Incorrect Permission Assignment for Critical Resource","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Manual Source Code Review (not inspections)\n \n \n Cost effective for partial coverage:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01560","_id":"cwe_detection/cwe_detection_01560","_rev":"_dVfOTlO--n","original_id":"732","name":"Incorrect Permission Assignment for Critical Resource","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01561","_id":"cwe_detection/cwe_detection_01561","_rev":"_dVfOTlO--o","original_id":"732","name":"Incorrect Permission Assignment for Critical Resource","metadata":{"Method":"Automated Static Analysis","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Configuration Checker\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01562","_id":"cwe_detection/cwe_detection_01562","_rev":"_dVfOTlO--p","original_id":"732","name":"Incorrect Permission Assignment for Critical Resource","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Formal Methods / Correct-By-Construction\n \n \n Cost effective for partial coverage:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01563","_id":"cwe_detection/cwe_detection_01563","_rev":"_dVfOTlO--q","original_id":"733","name":"Compiler Optimization Removal or Modification of Security-critical Code","metadata":{"Method":"Black Box","Description":"This specific weakness is impossible to detect using black box methods. While an analyst could examine memory to see that it has not been scrubbed, an analysis of the executable would not be successful. This is because the compiler has already removed the relevant code. Only the source code shows whether the programmer intended to clear the memory or not, so this weakness is indistinguishable from others."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01564","_id":"cwe_detection/cwe_detection_01564","_rev":"_dVfOTlO--r","original_id":"733","name":"Compiler Optimization Removal or Modification of Security-critical Code","metadata":{"Method":"White Box","Description":"This weakness is only detectable using white box methods (see black box detection factor). Careful analysis is required to determine if the code is likely to be removed by the compiler."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01574","_id":"cwe_detection/cwe_detection_01574","_rev":"_dVfOTlO--s","original_id":"754","name":"Improper Check for Unusual or Exceptional Conditions","metadata":{"Method":"Automated Static Analysis","Description":"Automated static analysis may be useful for detecting unusual conditions involving system resources or common programming idioms, but not for violations of business rules."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01575","_id":"cwe_detection/cwe_detection_01575","_rev":"_dVfOTlO--t","original_id":"754","name":"Improper Check for Unusual or Exceptional Conditions","metadata":{"Method":"Manual Dynamic Analysis","Description":"Identify error conditions that are not likely to occur during normal usage and trigger them. For example, run the program under low memory conditions, run with insufficient privileges or permissions, interrupt a transaction before it is completed, or disable connectivity to basic network services such as DNS. Monitor the software for any unexpected behavior. If you trigger an unhandled exception or similar error that was discovered and handled by the application's environment, it may still indicate unexpected conditions that were not handled by the application itself."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01579","_id":"cwe_detection/cwe_detection_01579","_rev":"_dVfOTlO--u","original_id":"759","name":"Use of a One-Way Hash without a Salt","metadata":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Bytecode Weakness Analysis - including disassembler + source code weakness analysis\n Binary Weakness Analysis - including disassembler + source code weakness analysis\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01580","_id":"cwe_detection/cwe_detection_01580","_rev":"_dVfOTlO--v","original_id":"759","name":"Use of a One-Way Hash without a Salt","metadata":{"Method":"Manual Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01581","_id":"cwe_detection/cwe_detection_01581","_rev":"_dVfOTlO--w","original_id":"759","name":"Use of a One-Way Hash without a Salt","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n Manual Source Code Review (not inspections)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01582","_id":"cwe_detection/cwe_detection_01582","_rev":"_dVfOTlO--x","original_id":"759","name":"Use of a One-Way Hash without a Salt","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Source code Weakness Analyzer\n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01583","_id":"cwe_detection/cwe_detection_01583","_rev":"_dVfOTlO--y","original_id":"759","name":"Use of a One-Way Hash without a Salt","metadata":{"Method":"Automated Static Analysis","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Configuration Checker\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01584","_id":"cwe_detection/cwe_detection_01584","_rev":"_dVfOTlO--z","original_id":"759","name":"Use of a One-Way Hash without a Salt","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Formal Methods / Correct-By-Construction\n \n \n Cost effective for partial coverage:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01616","_id":"cwe_detection/cwe_detection_01616","_rev":"_dVfOTlO--0","original_id":"770","name":"Allocation of Resources Without Limits or Throttling","metadata":{"Method":"Manual Static Analysis","Description":"Manual static analysis can be useful for finding this weakness, but it might not achieve desired code coverage within limited time constraints. If denial-of-service is not considered a significant risk, or if there is strong emphasis on consequences such as code execution, then manual analysis may not focus on this weakness at all."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01617","_id":"cwe_detection/cwe_detection_01617","_rev":"_dVfOTlO--1","original_id":"770","name":"Allocation of Resources Without Limits or Throttling","metadata":{"Method":"Fuzzing","Description":"\n While fuzzing is typically geared toward finding low-level implementation bugs, it can inadvertently find uncontrolled resource allocation problems. This can occur when the fuzzer generates a large number of test cases but does not restart the targeted software in between test cases. If an individual test case produces a crash, but it does not do so reliably, then an inability to limit resource allocation may be the cause.\n When the allocation is directly affected by numeric inputs, then fuzzing may produce indications of this weakness.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01618","_id":"cwe_detection/cwe_detection_01618","_rev":"_dVfOTlO--2","original_id":"770","name":"Allocation of Resources Without Limits or Throttling","metadata":{"Method":"Automated Dynamic Analysis","Description":"Certain automated dynamic analysis techniques may be effective in producing side effects of uncontrolled resource allocation problems, especially with resources such as processes, memory, and connections. The technique may involve generating a large number of requests to the software within a short time frame. Manual analysis is likely required to interpret the results."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01619","_id":"cwe_detection/cwe_detection_01619","_rev":"_dVfOTlO--3","original_id":"770","name":"Allocation of Resources Without Limits or Throttling","metadata":{"Method":"Automated Static Analysis","Description":"\n Specialized configuration or tuning may be required to train automated tools to recognize this weakness.\n Automated static analysis typically has limited utility in recognizing unlimited allocation problems, except for the missing release of program-independent system resources such as files, sockets, and processes, or unchecked arguments to memory. For system resources, automated static analysis may be able to detect circumstances in which resources are not released after they have expired, or if too much of a resource is requested at once, as can occur with memory. Automated analysis of configuration files may be able to detect settings that do not specify a maximum value.\n Automated static analysis tools will not be appropriate for detecting exhaustion of custom resources, such as an intended security policy in which a bulletin board user is only allowed to make a limited number of posts per day.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01652","_id":"cwe_detection/cwe_detection_01652","_rev":"_dVfOTlO--4","original_id":"787","name":"Out-of-bounds Write","metadata":{"Method":"Automated Static Analysis","Description":"\n This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.\n Automated static analysis generally does not account for environmental considerations when reporting out-of-bounds memory operations. This can make it difficult for users to determine which warnings should be investigated first. For example, an analysis tool might report buffer overflows that originate from command line arguments in a program that is not expected to run with setuid or other special privileges.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01653","_id":"cwe_detection/cwe_detection_01653","_rev":"_dVfOTlO--5","original_id":"787","name":"Out-of-bounds Write","metadata":{"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software's operation may slow down, but it should not become unstable, crash, or generate incorrect results."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01661","_id":"cwe_detection/cwe_detection_01661","_rev":"_dVfOTlO--6","original_id":"798","name":"Use of Hard-coded Credentials","metadata":{"Method":"Black Box","Description":"Credential storage in configuration files is findable using black box methods, but the use of hard-coded credentials for an incoming authentication routine typically involves an account that is not visible outside of the code."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01662","_id":"cwe_detection/cwe_detection_01662","_rev":"_dVfOTlO--7","original_id":"798","name":"Use of Hard-coded Credentials","metadata":{"Method":"Automated Static Analysis","Description":"Automated white box techniques have been published for detecting hard-coded credentials for incoming authentication, but there is some expert disagreement regarding their effectiveness and applicability to a broad range of methods."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01663","_id":"cwe_detection/cwe_detection_01663","_rev":"_dVfOTlO--8","original_id":"798","name":"Use of Hard-coded Credentials","metadata":{"Method":"Manual Static Analysis","Description":"This weakness may be detectable using manual code analysis. Unless authentication is decentralized and applied throughout the software, there can be sufficient time for the analyst to find incoming authentication routines and examine the program logic looking for usage of hard-coded credentials. Configuration files could also be analyzed."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01664","_id":"cwe_detection/cwe_detection_01664","_rev":"_dVfOTlO--9","original_id":"798","name":"Use of Hard-coded Credentials","metadata":{"Method":"Manual Dynamic Analysis","Description":"\n For hard-coded credentials in incoming authentication: use monitoring tools that examine the software's process as it interacts with the operating system and the network. This technique is useful in cases when source code is unavailable, if the software was not developed by you, or if you want to verify that the build phase did not introduce any new weaknesses. Examples include debuggers that directly attach to the running process; system-call tracing utilities such as truss (Solaris) and strace (Linux); system activity monitors such as FileMon, RegMon, Process Monitor, and other Sysinternals utilities (Windows); and sniffers and protocol analyzers that monitor network traffic.\n Attach the monitor to the process and perform a login. Using call trees or similar artifacts from the output, examine the associated behaviors and see if any of them appear to be comparing the input to a fixed string or value.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01665","_id":"cwe_detection/cwe_detection_01665","_rev":"_dVfOTlO-_-","original_id":"798","name":"Use of Hard-coded Credentials","metadata":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Bytecode Weakness Analysis - including disassembler + source code weakness analysis\n Binary Weakness Analysis - including disassembler + source code weakness analysis\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01666","_id":"cwe_detection/cwe_detection_01666","_rev":"_dVfOTlO-__","original_id":"798","name":"Use of Hard-coded Credentials","metadata":{"Method":"Manual Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01667","_id":"cwe_detection/cwe_detection_01667","_rev":"_dVfOTlS---","original_id":"798","name":"Use of Hard-coded Credentials","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Network Sniffer\n Forced Path Execution\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01668","_id":"cwe_detection/cwe_detection_01668","_rev":"_dVfOTlS--_","original_id":"798","name":"Use of Hard-coded Credentials","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n Manual Source Code Review (not inspections)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01669","_id":"cwe_detection/cwe_detection_01669","_rev":"_dVfOTlS--A","original_id":"798","name":"Use of Hard-coded Credentials","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Source code Weakness Analyzer\n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01670","_id":"cwe_detection/cwe_detection_01670","_rev":"_dVfOTlS--B","original_id":"798","name":"Use of Hard-coded Credentials","metadata":{"Method":"Automated Static Analysis","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Configuration Checker\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01671","_id":"cwe_detection/cwe_detection_01671","_rev":"_dVfOTlS--C","original_id":"798","name":"Use of Hard-coded Credentials","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n Formal Methods / Correct-By-Construction\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01681","_id":"cwe_detection/cwe_detection_01681","_rev":"_dVfOTlS--D","original_id":"805","name":"Buffer Access with Incorrect Length Value","metadata":{"Method":"Automated Static Analysis","Description":"\n This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.\n Automated static analysis generally does not account for environmental considerations when reporting out-of-bounds memory operations. This can make it difficult for users to determine which warnings should be investigated first. For example, an analysis tool might report buffer overflows that originate from command line arguments in a program that is not expected to run with setuid or other special privileges.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01682","_id":"cwe_detection/cwe_detection_01682","_rev":"_dVfOTlS--E","original_id":"805","name":"Buffer Access with Incorrect Length Value","metadata":{"Method":"Automated Dynamic Analysis","Description":"This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software's operation may slow down, but it should not become unstable, crash, or generate incorrect results."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01683","_id":"cwe_detection/cwe_detection_01683","_rev":"_dVfOTlS--F","original_id":"805","name":"Buffer Access with Incorrect Length Value","metadata":{"Method":"Manual Analysis","Description":"Manual analysis can be useful for finding this weakness, but it might not achieve desired code coverage within limited time constraints. This becomes difficult for weaknesses that must be considered for all inputs, since the attack surface can be too large."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01695","_id":"cwe_detection/cwe_detection_01695","_rev":"_dVfOTlS--G","original_id":"807","name":"Reliance on Untrusted Inputs in a Security Decision","metadata":{"Method":"Manual Static Analysis","Description":"Since this weakness does not typically appear frequently within a single software package, manual white box techniques may be able to provide sufficient code coverage and reduction of false positives if all potentially-vulnerable operations can be assessed within limited time constraints."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01696","_id":"cwe_detection/cwe_detection_01696","_rev":"_dVfOTlS--H","original_id":"807","name":"Reliance on Untrusted Inputs in a Security Decision","metadata":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Bytecode Weakness Analysis - including disassembler + source code weakness analysis\n Binary Weakness Analysis - including disassembler + source code weakness analysis\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01697","_id":"cwe_detection/cwe_detection_01697","_rev":"_dVfOTlS--I","original_id":"807","name":"Reliance on Untrusted Inputs in a Security Decision","metadata":{"Method":"Manual Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01698","_id":"cwe_detection/cwe_detection_01698","_rev":"_dVfOTlS--J","original_id":"807","name":"Reliance on Untrusted Inputs in a Security Decision","metadata":{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Web Application Scanner\n Web Services Scanner\n Database Scanners\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01699","_id":"cwe_detection/cwe_detection_01699","_rev":"_dVfOTlS--K","original_id":"807","name":"Reliance on Untrusted Inputs in a Security Decision","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Fuzz Tester\n Framework-based Fuzzer\n Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01700","_id":"cwe_detection/cwe_detection_01700","_rev":"_dVfOTlS--L","original_id":"807","name":"Reliance on Untrusted Inputs in a Security Decision","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Manual Source Code Review (not inspections)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01701","_id":"cwe_detection/cwe_detection_01701","_rev":"_dVfOTlS--M","original_id":"807","name":"Reliance on Untrusted Inputs in a Security Decision","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Source code Weakness Analyzer\n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01702","_id":"cwe_detection/cwe_detection_01702","_rev":"_dVfOTlS--N","original_id":"807","name":"Reliance on Untrusted Inputs in a Security Decision","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n Formal Methods / Correct-By-Construction\n \n \n Cost effective for partial coverage:\n \n \n Attack Modeling\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01716","_id":"cwe_detection/cwe_detection_01716","_rev":"_dVfOTlS--O","original_id":"829","name":"Inclusion of Functionality from Untrusted Control Sphere","metadata":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Bytecode Weakness Analysis - including disassembler + source code weakness analysis\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01717","_id":"cwe_detection/cwe_detection_01717","_rev":"_dVfOTlS--P","original_id":"829","name":"Inclusion of Functionality from Untrusted Control Sphere","metadata":{"Method":"Manual Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01718","_id":"cwe_detection/cwe_detection_01718","_rev":"_dVfOTlS--Q","original_id":"829","name":"Inclusion of Functionality from Untrusted Control Sphere","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Forced Path Execution\n Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01719","_id":"cwe_detection/cwe_detection_01719","_rev":"_dVfOTlS--R","original_id":"829","name":"Inclusion of Functionality from Untrusted Control Sphere","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Manual Source Code Review (not inspections)\n \n \n Cost effective for partial coverage:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01720","_id":"cwe_detection/cwe_detection_01720","_rev":"_dVfOTlS--S","original_id":"829","name":"Inclusion of Functionality from Untrusted Control Sphere","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Source code Weakness Analyzer\n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01721","_id":"cwe_detection/cwe_detection_01721","_rev":"_dVfOTlS--T","original_id":"829","name":"Inclusion of Functionality from Untrusted Control Sphere","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n Formal Methods / Correct-By-Construction\n \n \n Cost effective for partial coverage:\n \n \n Attack Modeling\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01722","_id":"cwe_detection/cwe_detection_01722","_rev":"_dVfOTlS--U","original_id":"834","name":"Excessive Iteration","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Fuzz Tester\n Framework-based Fuzzer\n Forced Path Execution\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01723","_id":"cwe_detection/cwe_detection_01723","_rev":"_dVfOTlS--V","original_id":"834","name":"Excessive Iteration","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n Manual Source Code Review (not inspections)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01724","_id":"cwe_detection/cwe_detection_01724","_rev":"_dVfOTlS--W","original_id":"834","name":"Excessive Iteration","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01725","_id":"cwe_detection/cwe_detection_01725","_rev":"_dVfOTlS--X","original_id":"834","name":"Excessive Iteration","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01736","_id":"cwe_detection/cwe_detection_01736","_rev":"_dVfOTlS--Y","original_id":"862","name":"Missing Authorization","metadata":{"Method":"Automated Static Analysis","Description":"\n Automated static analysis is useful for detecting commonly-used idioms for authorization. A tool may be able to analyze related configuration files, such as .htaccess in Apache web servers, or detect the usage of commonly-used authorization libraries.\n Generally, automated static analysis tools have difficulty detecting custom authorization schemes. In addition, the software's design may include some functionality that is accessible to any user and does not require an authorization check; an automated technique that detects the absence of authorization may report false positives.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01737","_id":"cwe_detection/cwe_detection_01737","_rev":"_dVfOTlS--Z","original_id":"862","name":"Missing Authorization","metadata":{"Method":"Automated Dynamic Analysis","Description":"Automated dynamic analysis may find many or all possible interfaces that do not require authorization, but manual analysis is required to determine if the lack of authorization violates business logic."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01738","_id":"cwe_detection/cwe_detection_01738","_rev":"_dVfOTlS--a","original_id":"862","name":"Missing Authorization","metadata":{"Method":"Manual Analysis","Description":"\n This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.\n Specifically, manual static analysis is useful for evaluating the correctness of custom authorization mechanisms.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01739","_id":"cwe_detection/cwe_detection_01739","_rev":"_dVfOTlS--b","original_id":"862","name":"Missing Authorization","metadata":{"Method":"Manual Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01740","_id":"cwe_detection/cwe_detection_01740","_rev":"_dVfOTlS--c","original_id":"862","name":"Missing Authorization","metadata":{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Web Application Scanner\n Web Services Scanner\n Database Scanners\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01741","_id":"cwe_detection/cwe_detection_01741","_rev":"_dVfOTlS--d","original_id":"862","name":"Missing Authorization","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Host Application Interface Scanner\n Fuzz Tester\n Framework-based Fuzzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01742","_id":"cwe_detection/cwe_detection_01742","_rev":"_dVfOTlS--e","original_id":"862","name":"Missing Authorization","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n Manual Source Code Review (not inspections)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01743","_id":"cwe_detection/cwe_detection_01743","_rev":"_dVfOTlS--f","original_id":"862","name":"Missing Authorization","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Source code Weakness Analyzer\n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01744","_id":"cwe_detection/cwe_detection_01744","_rev":"_dVfOTlS--g","original_id":"862","name":"Missing Authorization","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n Formal Methods / Correct-By-Construction\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01750","_id":"cwe_detection/cwe_detection_01750","_rev":"_dVfOTlS--h","original_id":"863","name":"Incorrect Authorization","metadata":{"Method":"Automated Static Analysis","Description":"\n Automated static analysis is useful for detecting commonly-used idioms for authorization. A tool may be able to analyze related configuration files, such as .htaccess in Apache web servers, or detect the usage of commonly-used authorization libraries.\n Generally, automated static analysis tools have difficulty detecting custom authorization schemes. Even if they can be customized to recognize these schemes, they might not be able to tell whether the scheme correctly performs the authorization in a way that cannot be bypassed or subverted by an attacker.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01751","_id":"cwe_detection/cwe_detection_01751","_rev":"_dVfOTlS--i","original_id":"863","name":"Incorrect Authorization","metadata":{"Method":"Automated Dynamic Analysis","Description":"Automated dynamic analysis may not be able to find interfaces that are protected by authorization checks, even if those checks contain weaknesses."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01752","_id":"cwe_detection/cwe_detection_01752","_rev":"_dVfOTlS--j","original_id":"863","name":"Incorrect Authorization","metadata":{"Method":"Manual Analysis","Description":"\n This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.\n Specifically, manual static analysis is useful for evaluating the correctness of custom authorization mechanisms.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01753","_id":"cwe_detection/cwe_detection_01753","_rev":"_dVfOTlS--k","original_id":"863","name":"Incorrect Authorization","metadata":{"Method":"Manual Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01754","_id":"cwe_detection/cwe_detection_01754","_rev":"_dVfOTlS--l","original_id":"863","name":"Incorrect Authorization","metadata":{"Method":"Dynamic Analysis with Automated Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Web Application Scanner\n Web Services Scanner\n Database Scanners\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01755","_id":"cwe_detection/cwe_detection_01755","_rev":"_dVfOTlS--m","original_id":"863","name":"Incorrect Authorization","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Host Application Interface Scanner\n Fuzz Tester\n Framework-based Fuzzer\n Forced Path Execution\n Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01756","_id":"cwe_detection/cwe_detection_01756","_rev":"_dVfOTlS--n","original_id":"863","name":"Incorrect Authorization","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n Manual Source Code Review (not inspections)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01757","_id":"cwe_detection/cwe_detection_01757","_rev":"_dVfOTlS--o","original_id":"863","name":"Incorrect Authorization","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01758","_id":"cwe_detection/cwe_detection_01758","_rev":"_dVfOTlS--p","original_id":"863","name":"Incorrect Authorization","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Formal Methods / Correct-By-Construction\n \n \n Cost effective for partial coverage:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01779","_id":"cwe_detection/cwe_detection_01779","_rev":"_dVfOTlS--q","original_id":"916","name":"Use of Password Hash With Insufficient Computational Effort","metadata":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Bytecode Weakness Analysis - including disassembler + source code weakness analysis\n Binary Weakness Analysis - including disassembler + source code weakness analysis\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01780","_id":"cwe_detection/cwe_detection_01780","_rev":"_dVfOTlS--r","original_id":"916","name":"Use of Password Hash With Insufficient Computational Effort","metadata":{"Method":"Manual Static Analysis - Binary or Bytecode","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01781","_id":"cwe_detection/cwe_detection_01781","_rev":"_dVfOTlS--s","original_id":"916","name":"Use of Password Hash With Insufficient Computational Effort","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Focused Manual Spotcheck - Focused manual analysis of source\n Manual Source Code Review (not inspections)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01782","_id":"cwe_detection/cwe_detection_01782","_rev":"_dVfOTlS--t","original_id":"916","name":"Use of Password Hash With Insufficient Computational Effort","metadata":{"Method":"Automated Static Analysis - Source Code","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Source code Weakness Analyzer\n Context-configured Source Code Weakness Analyzer\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01783","_id":"cwe_detection/cwe_detection_01783","_rev":"_dVfOTlS--u","original_id":"916","name":"Use of Password Hash With Insufficient Computational Effort","metadata":{"Method":"Automated Static Analysis","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Cost effective for partial coverage:\n \n \n Configuration Checker\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01784","_id":"cwe_detection/cwe_detection_01784","_rev":"_dVfOTlS--v","original_id":"916","name":"Use of Password Hash With Insufficient Computational Effort","metadata":{"Method":"Architecture or Design Review","Description":"\n According to SOAR, the following detection techniques may be useful:\n \n Highly cost effective:\n \n \n Formal Methods / Correct-By-Construction\n \n \n Cost effective for partial coverage:\n \n \n Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)\n \n \n \n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01799","_id":"cwe_detection/cwe_detection_01799","_rev":"_dVfOTlS--w","original_id":"1007","name":"Insufficient Visual Distinction of Homoglyphs Presented to User","metadata":{"Method":"Manual Dynamic Analysis","Description":"If utilizing user accounts, attempt to submit a username that contains homoglyphs. Similarly, check to see if links containing homoglyphs can be sent via email, web browsers, or other mechanisms."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01809","_id":"cwe_detection/cwe_detection_01809","_rev":"_dVfOTlS--x","original_id":"1037","name":"Processor Optimization Removal or Modification of Security-critical Code","metadata":{"Method":"White Box","Description":"In theory this weakness can be detected through the use of white box testing techniques where specifically crafted test cases are used in conjunction with debuggers to verify the order of statements being executed."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01811","_id":"cwe_detection/cwe_detection_01811","_rev":"_dVfOTlS--y","original_id":"1173","name":"Improper Use of Validation Framework","metadata":{"Method":"Automated Static Analysis","Description":"\n Some instances of improper input validation can be detected using automated static analysis.\n A static analysis tool might allow the user to specify which application-specific methods or functions perform input validation; the tool might also have built-in knowledge of validation frameworks such as Struts. The tool may then suppress or de-prioritize any associated warnings. This allows the analyst to focus on areas of the software in which input validation does not appear to be present.\n Except in the cases described in the previous paragraph, automated static analysis might not be able to recognize when proper input validation is being performed, leading to false positives - i.e., warnings that do not have any security consequences or require any code changes.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01813","_id":"cwe_detection/cwe_detection_01813","_rev":"_dVfOTlS--z","original_id":"1189","name":"Improper Isolation of Shared Resources on System-on-a-Chip (SoC)","metadata":{"Method":"Automated Static Analysis - Binary or Bytecode","Description":"\n Kernel integrity verification can help identify when shared resource configuration settings have been modified.\n "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01816","_id":"cwe_detection/cwe_detection_01816","_rev":"_dVfOTlS--0","original_id":"1191","name":"On-Chip Debug and Test Interface With Improper Access Control","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"Authentication and authorization of debug and test interfaces should be part of the architecture and design review process. Withholding of private register documentation from the debug and test interface public specification (\"Security by obscurity\") should not be considered as sufficient security."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01817","_id":"cwe_detection/cwe_detection_01817","_rev":"_dVfOTlS--1","original_id":"1191","name":"On-Chip Debug and Test Interface With Improper Access Control","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"Dynamic tests should be done in the pre-silicon and post-silicon stages to verify that the debug and test interfaces are not open by default."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01818","_id":"cwe_detection/cwe_detection_01818","_rev":"_dVfOTlS--2","original_id":"1191","name":"On-Chip Debug and Test Interface With Improper Access Control","metadata":{"Method":"Fuzzing","Description":"Tests that fuzz Debug and Test Interfaces should ensure that no access without appropriate authentication and authorization is possible."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01834","_id":"cwe_detection/cwe_detection_01834","_rev":"_dVfOTlS--3","original_id":"1231","name":"Improper Prevention of Lock Bit Modification","metadata":{"Method":"Manual Analysis","Description":"Set the lock bit. Power cycle the\n\t device. Attempt to clear the lock bit. If the\n\t information is changed, implement a design\n\t fix. Retest. Also, attempt to indirectly clear the lock\n\t bit or bypass it."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01837","_id":"cwe_detection/cwe_detection_01837","_rev":"_dVfOTlS--4","original_id":"1233","name":"Security-Sensitive Hardware Controls with Missing Lock Bit Protection","metadata":{"Method":"Manual Analysis","Description":"Set the lock bit. Attempt to modify the\n\t information protected by the lock bit. If the information\n\t is changed, implement a design fix. Retest. Also, attempt\n\t to indirectly clear the lock bit or bypass\n\t it."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01855","_id":"cwe_detection/cwe_detection_01855","_rev":"_dVfOTlS--5","original_id":"1240","name":"Use of a Cryptographic Primitive with a Risky Implementation","metadata":{"Method":"Architecture or Design Review","Description":"Review requirements, documentation, and product design to ensure that primitives are consistent with the strongest-available recommendations from trusted parties. If the product appears to be using custom or proprietary implementations that have not had sufficient public review and approval, then this is a significant concern."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01856","_id":"cwe_detection/cwe_detection_01856","_rev":"_dVfOTlS--6","original_id":"1240","name":"Use of a Cryptographic Primitive with a Risky Implementation","metadata":{"Method":"Manual Analysis","Description":"Analyze the product to ensure that implementations for each primitive do not contain any known vulnerabilities and are not using any known-weak algorithms, including MD4, MD5, SHA1, DES, etc."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01857","_id":"cwe_detection/cwe_detection_01857","_rev":"_dVfOTlS--7","original_id":"1240","name":"Use of a Cryptographic Primitive with a Risky Implementation","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"For hardware, during the implementation (pre-Silicon / post-Silicon) phase, dynamic tests should be done to ensure that outputs from cryptographic routines are indeed working properly, such as test vectors provided by NIST [REF-1236]."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01858","_id":"cwe_detection/cwe_detection_01858","_rev":"_dVfOTlS--8","original_id":"1240","name":"Use of a Cryptographic Primitive with a Risky Implementation","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n\t\tIt needs to be determined if the output of a cryptographic primitive is lacking entropy, which is one clear sign that something went wrong with the crypto implementation. There exist many methods of measuring the entropy of a bytestream, from sophisticated ones (like calculating Shannon's entropy of a sequence of characters) to crude ones (by compressing it and comparing the size of the original bytestream vs. the compressed - a truly random byte stream should not be compressible and hence the uncompressed and compressed bytestreams should be nearly identical in size)."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01866","_id":"cwe_detection/cwe_detection_01866","_rev":"_dVfOTlS--9","original_id":"1244","name":"Internal Asset Exposed to Unsafe Debug Access Level or State","metadata":{"Method":"Manual Analysis","Description":"Check 2 devices for their passcode to authenticate access to JTAG/debugging ports. If the passcodes are missing or the same, update the design to fix and retest. Check communications over JTAG/debugging ports for encryption. If the communications are not encrypted, fix the design and retest."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01870","_id":"cwe_detection/cwe_detection_01870","_rev":"_dVfOTlS-_-","original_id":"1247","name":"Improper Protection Against Voltage and Clock Glitches","metadata":{"Method":"Manual Analysis","Description":"\n\t\t\t\n\t\t\tPut the processor in an infinite\n\t\t\tloop, which is then followed by instructions\n\t\t\tthat should not ever be executed, since the\n\t\t\tloop is not expected to exit. After the loop,\n\t\t\ttoggle an I/O bit (for oscilloscope monitoring\n\t\t\tpurposes), print a console message, and\n\t\t\treenter the loop. Note that to ensure that\n\t\t\tthe loop exit is actually captured, many NOP\n\t\t\tinstructions should be coded after the loop\n\t\t\tbranch instruction and before the I/O bit\n\t\t\ttoggle and the print statement.\n\n\t\t\tMargining the clock consists of varying the clock\n\t\t\tfrequency until an anomaly occurs. This could be a\n\t\t\tcontinuous frequency change or it could be a single\n\t\t\tcycle. The single cycle method is described here. For\n\t\t\tevery 1000th clock pulse, the clock cycle is shortened by\n\t\t\t10 percent. If no effect is observed, the width is\n\t\t\tshortened by 20%. This process is continued in 10%\n\t\t\tincrements up to and including 50%. Note that the cycle\n\t\t\ttime may be increased as well, down to seconds per\n\t\t\tcycle.\n\n\t\t\tSeparately, the voltage is margined. Note that\n\t\t\tthe voltage could be increased or decreased. Increasing\n\t\t\tthe voltage has limits, as the circuitry may not be able\n\t\t\tto withstand a drastically increased voltage. This process\n\t\t\tstarts with a 5% reduction of the DC supply to the CPU\n\t\t\tchip for 5 millisecond repeated at 1KHz. If this has no\n\t\t\teffect, the process is repeated, but a 10% reduction is\n\t\t\tused. This process is repeated at 10% increments down to a\n\t\t\t50% reduction. If no effects are observed at 5\n\t\t\tmillisecond, the whole process is repeated using a 10\n\t\t\tmillisecond pulse. If no effects are observed, the process\n\t\t\tis repeated in 10 millisecond increments out to 100\n\t\t\tmillisecond pulses.\n\n\t\t\tWhile these are suggested starting points for\n\t\t\ttesting circuitry for weaknesses, the limits may need to\n\t\t\tbe pushed further at the risk of device damage. See\n\t\t\t[REF-1217] for descriptions of Smart Card attacks against\n\t\t\ta clock (section 14.6.2) and using a voltage glitch\n\t\t\t(section 15.5.3).\n\t\t "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01871","_id":"cwe_detection/cwe_detection_01871","_rev":"_dVfOTlS-__","original_id":"1247","name":"Improper Protection Against Voltage and Clock Glitches","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n\t\t During the implementation phase where actual hardware is available, specialized hardware tools and apparatus such as ChipWhisperer may be used to check if the platform is indeed susceptible to voltage and clock glitching attacks.\n\t\t "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01872","_id":"cwe_detection/cwe_detection_01872","_rev":"_dVfOTlS-_A","original_id":"1247","name":"Improper Protection Against Voltage and Clock Glitches","metadata":{"Method":"Architecture or Design Review","Description":"\n\t\t Review if the protections against glitching merely transfer the attack target. For example, suppose a critical authentication routine that an attacker would want to bypass is given the protection of modifying certain artifacts from within that specific routine (so that if the routine is bypassed, one can examine the artifacts and figure out that an attack must have happened). However, if the attacker has the ability to bypass the critical authentication routine, they might also have the ability to bypass the other protection routine that checks the artifacts. Basically, depending on these kind of protections is akin to resorting to \"Security by Obscurity\".\n\t\t "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01873","_id":"cwe_detection/cwe_detection_01873","_rev":"_dVfOTlS-_B","original_id":"1247","name":"Improper Protection Against Voltage and Clock Glitches","metadata":{"Method":"Architecture or Design Review","Description":"\n\t\t Many SoCs come equipped with a built-in Dynamic Voltage and Frequency Scaling (DVFS) that can control the voltage and clocks via software alone. However, there have been demonstrated attacks (like Plundervolt and CLKSCREW) that target this DVFS [REF-1081] [REF-1082]. During the design and implementation phases, one needs to check if the interface to this power management feature is available from unprivileged SW (CWE-1256), which would make the attack very easy.\n\t\t "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01888","_id":"cwe_detection/cwe_detection_01888","_rev":"_dVfOTlS-_C","original_id":"1256","name":"Improper Restriction of Software Interfaces to Hardware Features","metadata":{"Method":"Manual Analysis","Description":"Perform a security evaluation of system-level\n\t\tarchitecture and design with software-aided physical attacks\n\t\tin scope."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01889","_id":"cwe_detection/cwe_detection_01889","_rev":"_dVfOTlS-_D","original_id":"1256","name":"Improper Restriction of Software Interfaces to Hardware Features","metadata":{"Method":"Automated Dynamic Analysis","Description":"\n\t\t Use custom software to change registers that control clock settings or power settings to try to bypass security locks, or repeatedly write DRAM to try to change adjacent locations. This can be effective in extracting or changing data. The drawback is that it cannot be run before manufacturing, and it may require specialized software.\n\t\t"},"datatype":"cwe_detection"},{"_key":"cwe_detection_01896","_id":"cwe_detection/cwe_detection_01896","_rev":"_dVfOTlW---","original_id":"1260","name":"Improper Handling of Overlap Between Protected Memory Ranges","metadata":{"Method":"Manual Analysis","Description":"Create a high privilege memory block of any arbitrary size. Attempt to create a lower privilege memory block with an overlap of the high privilege memory block. If the creation attempt works, fix the hardware. Repeat the test."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01901","_id":"cwe_detection/cwe_detection_01901","_rev":"_dVfOTlW--_","original_id":"1262","name":"Improper Access Control for Register Interface","metadata":{"Method":"Manual Analysis","Description":"This is applicable in the Architecture phase before implementation started. Make sure access policy is specified for the entire memory map. Manual analysis may not ensure the implementation is correct."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01902","_id":"cwe_detection/cwe_detection_01902","_rev":"_dVfOTlW--A","original_id":"1262","name":"Improper Access Control for Register Interface","metadata":{"Method":"Manual Analysis","Description":"Registers controlling hardware should have access control implemented. This access control may be checked manually for correct implementation. Items to check consist of how are trusted parties set, how are trusted parties verified, how are accesses verified, etc. Effectiveness of a manual analysis will vary depending upon how complicated the interface is constructed."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01903","_id":"cwe_detection/cwe_detection_01903","_rev":"_dVfOTlW--B","original_id":"1262","name":"Improper Access Control for Register Interface","metadata":{"Method":"Simulation / Emulation","Description":"Functional simulation is applicable during the Implementation Phase. Testcases must be created and executed for memory mapped registers to verify adherence to the access control policy. This method can be effective, since functional verification needs to be performed on the design, and verification for this weakness will be included. There can be difficulty covering the entire memory space during the test."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01904","_id":"cwe_detection/cwe_detection_01904","_rev":"_dVfOTlW--C","original_id":"1262","name":"Improper Access Control for Register Interface","metadata":{"Method":"Formal Verification","Description":"Formal verification is applicable during the Implementation phase. Assertions need to be created in order to capture illegal register access scenarios and prove that they cannot occur. Formal methods are exhaustive and can be very effective, but creating the cases for large designs may be complex and difficult."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01905","_id":"cwe_detection/cwe_detection_01905","_rev":"_dVfOTlW--D","original_id":"1262","name":"Improper Access Control for Register Interface","metadata":{"Method":"Automated Analysis","Description":"Information flow tracking can be applicable during the Implementation phase. Security sensitive data (assets) - for example, as stored in registers - is automatically tracked over time through the design to verify the data doesn't reach illegal destinations that violate the access policies for the memory map. This method can be very effective when used together with simulation and emulation, since detecting violations doesn't rely on specific scenarios or data values. This method does rely on simulation and emulation, so testcases must exist in order to use this method."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01906","_id":"cwe_detection/cwe_detection_01906","_rev":"_dVfOTlW--E","original_id":"1262","name":"Improper Access Control for Register Interface","metadata":{"Method":"Architecture or Design Review","Description":"Manual documentation review of the system memory map, register specification, and permissions associated with accessing security-relevant functionality exposed via memory-mapped registers."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01907","_id":"cwe_detection/cwe_detection_01907","_rev":"_dVfOTlW--F","original_id":"1262","name":"Improper Access Control for Register Interface","metadata":{"Method":"Fuzzing","Description":"Perform penetration testing (either manual or semi-automated with fuzzing) to verify that access control mechanisms such as the memory protection units or on-chip bus firewall settings adequately protect critical hardware registers from software access."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01926","_id":"cwe_detection/cwe_detection_01926","_rev":"_dVfOTlW--G","original_id":"1272","name":"Sensitive Information Uncleared Before Debug/Power State Transition","metadata":{"Method":"Manual Analysis","Description":"Write a known pattern into each sensitive location. Enter the power/debug state in question. Read data back from the sensitive locations. If the reads are successful, and the data is the same as the pattern that was originally written, the test fails and the device needs to be fixed. Note that this test can likely be automated."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01931","_id":"cwe_detection/cwe_detection_01931","_rev":"_dVfOTlW--H","original_id":"1274","name":"Improper Access Control for Volatile Memory Containing Boot Code","metadata":{"Method":"Manual Analysis","Description":"Ensure the volatile memory is lockable or has locks. Ensure the volatile memory is locked for writes from untrusted agents or adversaries. Try modifying the volatile memory from an untrusted agent, and ensure these writes are dropped.\n\t\t\t "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01932","_id":"cwe_detection/cwe_detection_01932","_rev":"_dVfOTlW--I","original_id":"1274","name":"Improper Access Control for Volatile Memory Containing Boot Code","metadata":{"Method":"Manual Analysis","Description":"\n\t\t\t Analyze the device using the following steps:\n\t\t\t \n\t\t\t\t1) Identify all fabric master agents that are active during system Boot Flow when initial code is loaded from Non-volatile storage to volatile memory.\n\t\t\t\t2) Identify the volatile memory regions that are used for storing loaded system executable program.\n\t\t\t\t3) During system boot, test programming the identified memory regions in step 2 from all the masters identified in step 1.\n\t\t\t \n\t\t\t Only trusted masters should be allowed to write to the memory regions. For example, pluggable device peripherals should not have write access to program load memory regions.\n\t\t\t "},"datatype":"cwe_detection"},{"_key":"cwe_detection_01938","_id":"cwe_detection/cwe_detection_01938","_rev":"_dVfOTlW--J","original_id":"1277","name":"Firmware Not Updateable","metadata":{"Method":"Manual Analysis","Description":"Create a new installable boot image of the current build with a minor version number change. Use the standard installation method to update the boot image. Verify that the minor version number has changed. Create a fake image. Verify that the boot updater will not install the fake image and generates an invalid image error message."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01939","_id":"cwe_detection/cwe_detection_01939","_rev":"_dVfOTlW--K","original_id":"1277","name":"Firmware Not Updateable","metadata":{"Method":"Architecture or Design Review","Description":"Check the consumer or maintainer documentation, the architecture/design documentation, or the original requirements to ensure that the documentation includes details for how to update the firmware."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01940","_id":"cwe_detection/cwe_detection_01940","_rev":"_dVfOTlW--L","original_id":"1277","name":"Firmware Not Updateable","metadata":{"Method":"Manual Dynamic Analysis","Description":"Determine if there is a lack of a capability to update read-only memory structure. This could manifest as a difference between the latest firmware version and current version within the device."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01958","_id":"cwe_detection/cwe_detection_01958","_rev":"_dVfOTlW--M","original_id":"1291","name":"Public Key Re-Use for Signing both Debug and Production Code","metadata":{"Method":"Architecture or Design Review","Description":"\n\t\t\t\t\t\tCompare the debug key with the production key to make sure that they are not the same.\n\t\t\t\t\t"},"datatype":"cwe_detection"},{"_key":"cwe_detection_01959","_id":"cwe_detection/cwe_detection_01959","_rev":"_dVfOTlW--N","original_id":"1291","name":"Public Key Re-Use for Signing both Debug and Production Code","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n\t\t\t\t\t\tCompare the debug key with the production key to make sure that they are not the same.\n\t\t\t\t\t"},"datatype":"cwe_detection"},{"_key":"cwe_detection_01968","_id":"cwe_detection/cwe_detection_01968","_rev":"_dVfOTlW--O","original_id":"1296","name":"Incorrect Chaining or Granularity of Debug Components","metadata":{"Method":"Architecture or Design Review","Description":"Appropriate Post-Si tests should be carried out at various authorization levels to ensure that debug components are properly chained and accessible only to users with appropriate credentials."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01969","_id":"cwe_detection/cwe_detection_01969","_rev":"_dVfOTlW--P","original_id":"1296","name":"Incorrect Chaining or Granularity of Debug Components","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"Appropriate Post-Si tests should be carried out at various authorization levels to ensure that debug components are properly chained and accessible only to users with appropriate credentials."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01971","_id":"cwe_detection/cwe_detection_01971","_rev":"_dVfOTlW--Q","original_id":"1297","name":"Unprotected Confidential Information on Device is Accessible by OSAT Vendors","metadata":{"Method":"Architecture or Design Review","Description":"Appropriate Post-Si tests should be carried out to ensure that residual confidential information is not left on parts leaving one facility for another facility."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01972","_id":"cwe_detection/cwe_detection_01972","_rev":"_dVfOTlW--R","original_id":"1297","name":"Unprotected Confidential Information on Device is Accessible by OSAT Vendors","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"Appropriate Post-Si tests should be carried out to ensure that residual confidential information is not left on parts leaving one facility for another facility."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01980","_id":"cwe_detection/cwe_detection_01980","_rev":"_dVfOTlW--S","original_id":"1300","name":"Improper Protection of Physical Side Channels","metadata":{"Method":"Manual Analysis","Description":"Perform a set of leakage detection tests such as the procedure outlined in the Test Vector Leakage Assessment (TVLA) test requirements for AES [REF-1230]. TVLA is the basis for the ISO standard 17825 [REF-1229]. A separate methodology is provided by [REF-1228]. Note that sole reliance on this method might not yield expected results [REF-1239] [REF-1240]."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01981","_id":"cwe_detection/cwe_detection_01981","_rev":"_dVfOTlW--T","original_id":"1300","name":"Improper Protection of Physical Side Channels","metadata":{"Method":"Manual Analysis","Description":"\n\t\t\t\t Post-silicon, perform full side-channel attacks (penetration testing) covering as many known leakage models as possible against test code."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01982","_id":"cwe_detection/cwe_detection_01982","_rev":"_dVfOTlW--U","original_id":"1300","name":"Improper Protection of Physical Side Channels","metadata":{"Method":"Manual Analysis","Description":"\n\t\t\t\t Pre-silicon - while the aforementioned TVLA methods can be performed post-silicon, models of device power consumption or other physical emanations can be built from information present at various stages of the hardware design process before fabrication. TVLA or known side-channel attacks can be applied to these simulated traces and countermeasures applied before tape-out. Academic research in this field includes [REF-1231] [REF-1232] [REF-1233]."},"datatype":"cwe_detection"},{"_key":"cwe_detection_01997","_id":"cwe_detection/cwe_detection_01997","_rev":"_dVfOTlW--V","original_id":"1312","name":"Missing Protection for Mirrored Regions in On-Chip Fabric Firewall","metadata":{"Method":"Manual Dynamic Analysis","Description":"Using an external debugger, send write transactions to mirrored regions to test if original, write-protected regions are modified. Similarly, send read transactions to mirrored regions to test if the original, read-protected signals can be read."},"datatype":"cwe_detection"},{"_key":"cwe_detection_02008","_id":"cwe_detection/cwe_detection_02008","_rev":"_dVfOTlW--W","original_id":"1316","name":"Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges","metadata":{"Method":"Automated Dynamic Analysis","Description":"Review address map in specification to see if there are any overlapping ranges."},"datatype":"cwe_detection"},{"_key":"cwe_detection_02009","_id":"cwe_detection/cwe_detection_02009","_rev":"_dVfOTlW--X","original_id":"1316","name":"Fabric-Address Map Allows Programming of Unwarranted Overlaps of Protected and Unprotected Ranges","metadata":{"Method":"Manual Static Analysis","Description":"Negative testing of access control on overlapped ranges."},"datatype":"cwe_detection"},{"_key":"cwe_detection_02012","_id":"cwe_detection/cwe_detection_02012","_rev":"_dVfOTlW--Y","original_id":"1317","name":"Missing Security Checks in Fabric Bridge","metadata":{"Method":"Automated Dynamic Analysis","Description":"RTL simulation to ensure that bridge-access controls are implemented properly."},"datatype":"cwe_detection"},{"_key":"cwe_detection_02013","_id":"cwe_detection/cwe_detection_02013","_rev":"_dVfOTlW--Z","original_id":"1317","name":"Missing Security Checks in Fabric Bridge","metadata":{"Method":"Manual Static Analysis","Description":"Formal verification of bridge RTL to ensure that access control cannot be bypassed. "},"datatype":"cwe_detection"},{"_key":"cwe_detection_02015","_id":"cwe_detection/cwe_detection_02015","_rev":"_dVfOTlW--a","original_id":"1318","name":"Missing Support for Security Features in On-chip Fabrics or Buses","metadata":{"Method":"Architecture or Design Review","Description":"Review the fabric specification and ensure that it contains signals to transfer security-sensitive signals. "},"datatype":"cwe_detection"},{"_key":"cwe_detection_02016","_id":"cwe_detection/cwe_detection_02016","_rev":"_dVfOTlW--b","original_id":"1318","name":"Missing Support for Security Features in On-chip Fabrics or Buses","metadata":{"Method":"Manual Static Analysis - Source Code","Description":"Lack of security features can also be confirmed through manual RTL review of the fabric RTL. "},"datatype":"cwe_detection"},{"_key":"cwe_detection_02034","_id":"cwe_detection/cwe_detection_02034","_rev":"_dVfOTlW--c","original_id":"1326","name":"Missing Immutable Root of Trust in Hardware","metadata":{"Method":"Automated Dynamic Analysis","Description":"Automated testing can verify that RoT components are immutable."},"datatype":"cwe_detection"},{"_key":"cwe_detection_02035","_id":"cwe_detection/cwe_detection_02035","_rev":"_dVfOTlW--d","original_id":"1326","name":"Missing Immutable Root of Trust in Hardware","metadata":{"Method":"Architecture or Design Review","Description":"Root of trust elements and memory should be part of architecture and design reviews."},"datatype":"cwe_detection"},{"_key":"cwe_detection_02040","_id":"cwe_detection/cwe_detection_02040","_rev":"_dVfOTlW--e","original_id":"1328","name":"Security Version Number Mutable to Older Versions","metadata":{"Method":"Automated Dynamic Analysis","Description":"Mutability of stored security version numbers and programming with older firmware images should be part of automated testing."},"datatype":"cwe_detection"},{"_key":"cwe_detection_02041","_id":"cwe_detection/cwe_detection_02041","_rev":"_dVfOTlW--f","original_id":"1328","name":"Security Version Number Mutable to Older Versions","metadata":{"Method":"Architecture or Design Review","Description":"Anti-roll-back features should be reviewed as part of Architecture or Design review."},"datatype":"cwe_detection"},{"_key":"cwe_detection_02046","_id":"cwe_detection/cwe_detection_02046","_rev":"_dVfOTlW--g","original_id":"1330","name":"Remanent Data Readable after Memory Erase","metadata":{"Method":"Architecture or Design Review","Description":"\n\t\t\t\t\t\n\t\t\t\t\tTesting of memory-device contents after clearing or erase commands.\n\t\t\t\t\tDynamic analysis of memory contents during device operation to detect specific, confidential assets.\n\t\t\t\t\tArchitecture and design analysis of memory clear and erase operations.\n\t\t\t\t\t\n\t\t\t\t\t"},"datatype":"cwe_detection"},{"_key":"cwe_detection_02047","_id":"cwe_detection/cwe_detection_02047","_rev":"_dVfOTlW--h","original_id":"1330","name":"Remanent Data Readable after Memory Erase","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"\n\t\t\t\t\t\n\t\t\t\t\tTesting of memory-device contents after clearing or erase commands.\n\t\t\t\t\tDynamic analysis of memory contents during device operation to detect specific, confidential assets.\n\t\t\t\t\tArchitecture and design analysis of memory clear and erase operations.\n\t\t\t\t\t\n\t\t\t\t\t"},"datatype":"cwe_detection"},{"_key":"cwe_detection_02049","_id":"cwe_detection/cwe_detection_02049","_rev":"_dVfOTlW--i","original_id":"1331","name":"Improper Isolation of Shared Resources in Network On Chip (NoC)","metadata":{"Method":"Manual Analysis","Description":"Providing marker flags to send through the interfaces coupled with examination of which users are able to read or manipulate the flags will help verify that the proper isolation has been achieved and is effective."},"datatype":"cwe_detection"},{"_key":"cwe_detection_02053","_id":"cwe_detection/cwe_detection_02053","_rev":"_dVfOTlW--j","original_id":"1332","name":"Improper Handling of Faults that Lead to Instruction Skips","metadata":{"Method":"Automated Static Analysis","Description":"This weakness can be found using automated static analysis once a developer has indicated which code paths are critical to protect."},"datatype":"cwe_detection"},{"_key":"cwe_detection_02054","_id":"cwe_detection/cwe_detection_02054","_rev":"_dVfOTlW--k","original_id":"1332","name":"Improper Handling of Faults that Lead to Instruction Skips","metadata":{"Method":"Simulation / Emulation","Description":"This weakness can be found using automated dynamic analysis. Both emulation of a CPU with instruction skips, as well as RTL simulation of a CPU IP, can indicate parts of the code that are sensitive to faults due to instruction skips."},"datatype":"cwe_detection"},{"_key":"cwe_detection_02055","_id":"cwe_detection/cwe_detection_02055","_rev":"_dVfOTlW--l","original_id":"1332","name":"Improper Handling of Faults that Lead to Instruction Skips","metadata":{"Method":"Manual Analysis","Description":"This weakness can be found using manual (static) analysis. The analyst has security objectives that are matched against the high-level code. This method is less precise than emulation, especially if the analysis is done at the higher level language rather than at assembly level."},"datatype":"cwe_detection"},{"_key":"cwe_detection_02068","_id":"cwe_detection/cwe_detection_02068","_rev":"_dVfOTlW--m","original_id":"1338","name":"Improper Protections Against Hardware Overheating","metadata":{"Method":"Dynamic Analysis with Manual Results Interpretation","Description":"Dynamic tests should be performed to stress-test temperature controls."},"datatype":"cwe_detection"},{"_key":"cwe_detection_02069","_id":"cwe_detection/cwe_detection_02069","_rev":"_dVfOTlW--n","original_id":"1338","name":"Improper Protections Against Hardware Overheating","metadata":{"Method":"Architecture or Design Review","Description":"Power management controls should be part of Architecture and Design reviews."},"datatype":"cwe_detection"},{"_key":"cwe_detection_02073","_id":"cwe_detection/cwe_detection_02073","_rev":"_dVfOTlW--o","original_id":"1341","name":"Multiple Releases of Same Resource or Handle","metadata":{"Method":"Automated Static Analysis","Description":"For commonly-used APIs and resource types, automated tools often have signatures that can spot this issue."},"datatype":"cwe_detection"},{"_key":"cwe_detection_02074","_id":"cwe_detection/cwe_detection_02074","_rev":"_dVfOTlW--p","original_id":"1341","name":"Multiple Releases of Same Resource or Handle","metadata":{"Method":"Automated Dynamic Analysis","Description":"Some compiler instrumentation tools such as AddressSanitizer (ASan) can indirectly detect some instances of this weakness."},"datatype":"cwe_detection"}]