Question
What Common Weakness Enumeration (CWE) do Contrast Security Protect rules map to?
Answer
| CWE | Contrast Protect Rule |
|---|---|
| CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Cross-Site Scripting |
| CWE-20: Improper Input Validation | OGNL Injection |
| CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | Padding Oracle |
| CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | SQL Injection |
| CWE-352: Cross-Site Request Forgery (CSRF) | Cross-Site Request Forgery |
| CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Path Traversal |
| CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Command Injection |
| CWE-434: Unrestricted Upload of File with Dangerous Type | Unsafe File Uploads |
| CWE-611: Improper Restriction of XML External Entity Reference | XML External Entity Injection (XXE) |
| CWE-400: Uncontrolled Resource Consumption | Regular Expression DoS |
| CWE-502: Deserialization of Untrusted Data | Untrusted Deserialization |
| CWE-269: Improper Privilege Management | Zip File Overwrite |