Periodic Table

OWASP Periodic Table of Vulnerabilities
[Figure: periodic table of vulnerability symbols. Panels: Perimeter and Platform; Browsers and Standards - Session Management; Generic Framework; Custom Framework; Custom Code; Browsers and Standards - Content Management. Legend: each cell shows a two-letter symbol (XX) with its OWASP (= Top-10-2013), WASC and CWE identifiers.]

Symbol  Name
AF      Abuse of Functionality
AM      Application Misconfiguration
BF      Brute Force (Generic) / Insufficient Anti-automation
BI      Brute Force Session Identifier
BL      Brute Force Login
BO      Buffer Overflow
BP      Brute Force Predictable Resource Location/Insecure Indexing
CJ      Clickjacking
CS      Content Spoofing
DA      Denial of Service (Application Based)
DI      Directory Indexing
DS      Denial of Service (Connection Based)
FP      Fingerprinting
FS      Format String
IA      Insufficient Authentication/Authorization
ID      Insufficient Data Protection
IF      Improper Filesystem Permissions
IG      Implicit Logout
IH      Improper Input Handling
IL      Information Leakage
IO      Integer Overflow/Underflow
IP      Insufficient Process Validation
IR      Insufficient Password Recovery
IS      Insufficient Session Expiration
IT      Insufficient Transport Layer Protection
LI      LDAP Injection
MI      Mail Command Injection
NB      Null Byte Injection
OC      OS Commanding
OH      Improper Output Handling
PT      Path Traversal
RC      Race Conditions
RD      Routing Detour
RF      Remote File Inclusion
RG      HTTP Request/Response Smuggling
RS      HTTP Response Splitting
SA      SOAP Array Abuse, XML Attribute Blowup, XML Entity Expansion
SF      Session Fixation
SH      Cookie Theft/Session Hijacking
SI      SQL Injection
SM      Server Misconfiguration
SS      SSI Injection
UR      URL Redirector Abuse
WA      Weak HTTP Authentication Methods
XD      Cross-Site Scripting (XSS) - DOM-Based
XE      XML External Entities
XF      Cross-Site Request Forgery
XI      XML Injection
XP      XPath/XQuery Injection
XS      Cross-Site Scripting (XSS)

[Remaining table columns, per symbol: OWASP, WASC and CWE identifiers, with X marks under Standards, Perimeter/Platform, Generic Framework, Custom Framework and Custom Code.]