Question
What Common Weakness Enumeration (CWE) do Contrast Security Protect rules map to?
Answer
| CWE | Contrast Protect Rule |
|---|---|
| CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Cross-Site Scripting |
| CWE-20: Improper Input Validation | OGNL Injection |
| CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | Padding Oracle |
| CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | SQL Injection |
| CWE-352: Cross-Site Request Forgery (CSRF) | Cross-Site Request Forgery |
| CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Path Traversal |
| CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Command Injection |
| CWE-434: Unrestricted Upload of File with Dangerous Type | Unsafe File Uploads |
| CWE-611: Improper Restriction of XML External Entity Reference | XML External Entity Injection (XXE) |
| CWE-400: Uncontrolled Resource Consumption | Regular Expression DoS |
| CWE-502: Deserialization of Untrusted Data | Untrusted Deserialization |
| CWE-269: Improper Privilege Management | Zip File Overwrite |