Vulnerability Categories

The vulnerabilities found in the OWASP Juice Shop are grouped into several categories. Most categories correspond to risk or weakness types from well-known lists and documents: the OWASP Top 10, the OWASP Application Security Verification Standard (ASVS), the OWASP Automated Threat Handbook, the OWASP API Security Top 10, and MITRE's Common Weakness Enumeration (CWE). The following table maps the Juice Shop's categories to OWASP identifiers, CWE weaknesses and WASC Threat Classification entries. The mapping does not claim to be complete, and a single challenge may touch more than one of the listed identifiers.

Category breakdown

| Category | OWASP | CWE | WASC |
| --- | --- | --- | --- |
| Broken Access Control | A5:2017, API1:2019, API5:2019 | CWE-22, CWE-285, CWE-639 | WASC-02, WASC-09, WASC-16 |
| Broken Anti-Automation | OWASP-AT-004, API4:2019, OWASP-AT-010, OAT-009, OAT-015, OAT-008 | CWE-362 | WASC-11, WASC-21 |
| Broken Authentication | A2:2017, API2:2019 | CWE-287, CWE-352 | WASC-01, WASC-49 |
| Cross Site Scripting (XSS) | A7:2017 | CWE-79 | WASC-08 |
| Cryptographic Issues | A3:2017 | CWE-326, CWE-327, CWE-328, CWE-950 | - |
| Improper Input Validation | ASVS V5, API6:2019 | CWE-20 | WASC-20 |
| Injection | A1:2017, API8:2019 | CWE-74, CWE-89 | WASC-19, WASC-28, WASC-31 |
| Insecure Deserialization | A8:2017 | CWE-502 | - |
| Miscellaneous | - | - | - |
| Security Misconfiguration | A6:2017, A10:2017, API7:2019, API9:2019, API10:2019 | CWE-209 | WASC-14, WASC-15 |
| Security through Obscurity | - | CWE-656 | - |
| Sensitive Data Exposure | A3:2017, API3:2019, OTG-CONFIG-004 | CWE-200, CWE-530, CWE-548 | WASC-13 |
| Unvalidated Redirects | A10:2013 | CWE-601 | WASC-38 |
| Vulnerable Components | A9:2017 | CWE-829, CWE-506, CWE-1104 | - |
| XML External Entities (XXE) | A4:2017 | CWE-611 | WASC-43 |
