Vulnerability Categories

The vulnerabilities found in the OWASP Juice Shop are grouped into several categories. Most of these categories correspond to risk or weakness types from well-known lists and documents, such as the OWASP Top 10, the OWASP Application Security Verification Standard (ASVS), the OWASP Automated Threat Handbook, the OWASP API Security Top 10 and MITRE's Common Weakness Enumeration (CWE). The following table maps each Juice Shop category to the corresponding OWASP, CWE and WASC Threat Classification entries; the mapping is illustrative and does not claim to be complete. In the OWASP column, A<n>:2017 and A<n>:2013 refer to the OWASP Top 10 of that year, API<n>:2019 to the OWASP API Security Top 10 2019, OAT-<nnn> to the Automated Threat Handbook, OWASP-AT-<nnn> and OTG-CONFIG-<nnn> to test cases of the OWASP Testing Guide (v3 and v4 respectively), and ASVS V5 to the input validation chapter of the ASVS. A category may appear under more than one OWASP entry, and some categories (such as Miscellaneous) intentionally have no mapping at all.

Figure: Category breakdown (chart of the number of Juice Shop challenges per category)

Category Mappings

| Category | OWASP | CWE | WASC |
| --- | --- | --- | --- |
| Broken Access Control | A5:2017, API1:2019, API5:2019 | CWE-22, CWE-285, CWE-639 | WASC-02, WASC-09, WASC-16 |
| Broken Anti-Automation | OWASP-AT-004, API4:2019, OWASP-AT-010, OAT-009, OAT-015, OAT-008 | CWE-362 | WASC-11, WASC-21 |
| Broken Authentication | A2:2017, API2:2019 | CWE-287, CWE-352 | WASC-01, WASC-49 |
| Cross Site Scripting (XSS) | A7:2017 | CWE-79 | WASC-08 |
| Cryptographic Issues | A3:2017 | CWE-326, CWE-327, CWE-328, CWE-950 | - |
| Improper Input Validation | ASVS V5, API6:2019 | CWE-20 | WASC-20 |
| Injection | A1:2017, API8:2019 | CWE-74, CWE-89 | WASC-19, WASC-28, WASC-31 |
| Insecure Deserialization | A8:2017 | CWE-502 | - |
| Miscellaneous | - | - | - |
| Security Misconfiguration | A6:2017, A10:2017, API7:2019, API9:2019, API10:2019 | CWE-209 | WASC-14, WASC-15 |
| Security through Obscurity | - | CWE-656 | - |
| Sensitive Data Exposure | A3:2017, API3:2019, OTG-CONFIG-004 | CWE-200, CWE-530, CWE-548 | WASC-13 |
| Unvalidated Redirects | A10:2013 | CWE-601 | WASC-38 |
| Vulnerable Components | A9:2017 | CWE-829, CWE-506, CWE-1104 | - |
| XML External Entities (XXE) | A4:2017 | CWE-611 | WASC-43 |
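A mapping like this is most useful when it can be queried the other way round, for example to find every Juice Shop category that exercises A3:2017 when building a training track against the OWASP Top 10. The following script is an added example and is not part of the Juice Shop project or of this page. It embeds the rows of the table above verbatim, parses them, checks that every identifier matches the syntax of one of the referenced standards, normalises WASC numbers to their two-digit form, and builds a reverse index from identifier to category. The regular expressions and the helper names (`parseTable`, `validateIds`, `categoriesFor`) are the author's own choices, not anything Juice Shop ships.

```javascript
// Added example: reverse index and format check over the Juice Shop
// category mapping. The CATEGORY_TABLE rows are copied from the table on
// this page; the identifier patterns below are assumptions of this example.

const CATEGORY_TABLE = `
Broken Access Control | A5:2017, API1:2019, API5:2019 | CWE-22, CWE-285, CWE-639 | WASC-02, WASC-09, WASC-16
Broken Anti-Automation | OWASP-AT-004, API4:2019, OWASP-AT-010, OAT-009, OAT-015, OAT-008 | CWE-362 | WASC-11, WASC-21
Broken Authentication | A2:2017, API2:2019 | CWE-287, CWE-352 | WASC-01, WASC-49
Cross Site Scripting (XSS) | A7:2017 | CWE-79 | WASC-8
Cryptographic Issues | A3:2017 | CWE-326, CWE-327, CWE-328, CWE-950 | -
Improper Input Validation | ASVS V5, API6:2019 | CWE-20 | WASC-20
Injection | A1:2017, API8:2019 | CWE-74, CWE-89 | WASC-19, WASC-28, WASC-31
Insecure Deserialization | A8:2017 | CWE-502 | -
Miscellaneous | - | - | -
Security Misconfiguration | A6:2017, A10:2017, API7:2019, API9:2019, API10:2019 | CWE-209 | WASC-14, WASC-15
Security through Obscurity | - | CWE-656 | -
Sensitive Data Exposure | A3:2017, API3:2019, OTG-CONFIG-004 | CWE-200, CWE-530, CWE-548 | WASC-13
Unvalidated Redirects | A10:2013 | CWE-601 | WASC-38
Vulnerable Components | A9:2017 | CWE-829, CWE-506, CWE-1104 | -
XML External Entities (XXE) | A4:2017 | CWE-611 | WASC-43
`;

// Accepted identifier syntaxes, one per referenced standard (assumed here).
const ID_PATTERNS = [
  /^A\d{1,2}:\d{4}$/,      // OWASP Top 10, e.g. A5:2017
  /^API\d{1,2}:\d{4}$/,    // OWASP API Security Top 10, e.g. API1:2019
  /^OAT-\d{3}$/,           // OWASP Automated Threat Handbook
  /^OWASP-AT-\d{3}$/,      // OWASP Testing Guide v3 test case
  /^OTG-[A-Z]+-\d{3}$/,    // OWASP Testing Guide v4 test case
  /^ASVS V\d+$/,           // ASVS chapter
  /^CWE-\d+$/,             // MITRE CWE
  /^WASC-\d+$/,            // WASC Threat Classification
];

// "-" marks an empty cell in the table; everything else is a comma list.
function splitCell(cell) {
  const t = cell.trim();
  return t === '-' || t === '' ? [] : t.split(',').map((s) => s.trim());
}

// One object per table row with the three identifier columns split into arrays.
function parseTable(text) {
  return text.trim().split('\n').map((line) => {
    const [category, owasp, cwe, wasc] = line.split('|').map((s) => s.trim());
    return { category, owasp: splitCell(owasp), cwe: splitCell(cwe), wasc: splitCell(wasc) };
  });
}

// WASC ids are written with two digits (WASC-02); pad short forms such as
// WASC-8 so that lookups using either spelling hit the same entry.
function normalizeId(id) {
  const m = /^WASC-(\d+)$/.exec(id);
  return m ? `WASC-${m[1].padStart(2, '0')}` : id;
}

// Report identifiers that match no known syntax and categories with no CWE.
function validateIds(rows) {
  const problems = [];
  for (const row of rows) {
    for (const id of [...row.owasp, ...row.cwe, ...row.wasc]) {
      if (!ID_PATTERNS.some((re) => re.test(id))) {
        problems.push(`${row.category}: unrecognised id ${id}`);
      }
    }
    if (row.cwe.length === 0) problems.push(`${row.category}: no CWE mapping`);
  }
  return problems;
}

// identifier -> list of Juice Shop categories, in table order.
function reverseIndex(rows) {
  const index = new Map();
  for (const row of rows) {
    for (const id of [...row.owasp, ...row.cwe, ...row.wasc]) {
      const key = normalizeId(id);
      if (!index.has(key)) index.set(key, []);
      index.get(key).push(row.category);
    }
  }
  return index;
}

const rows = parseTable(CATEGORY_TABLE);
const index = reverseIndex(rows);

function categoriesFor(id) {
  return index.get(normalizeId(id)) || [];
}

console.log(categoriesFor('A3:2017'));   // both crypto and data-exposure categories
console.log(validateIds(rows));          // only Miscellaneous lacks a CWE
```

Run with `node` and no dependencies. The format check is the part worth keeping in a build step: when the mapping is maintained by hand, a mistyped identifier silently disappears from any report keyed on it, and the single-digit `WASC-8` is exactly the kind of inconsistency that a strict equality lookup would miss.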
