Contrast Security CWE Protect Rule Mappings

  • Updated


What Common Weakness Enumeration (CWE) do Contrast Security Protect rules map to?



Contrast Protect Rule

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

• Cross-Site Scripting
• Stored Cross-site Scripting

CWE-20: Improper Input Validation

• OGNL Injection
• SSJS Injection
• Expression Language injection

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

• Padding Oracle

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

• SQL Injection
• NoSQL Injection

CWE-352: Cross-Site Request Forgery (CSRF)

• Cross-Site Request Forgery

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

• Path Traversal

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

• Command Injection

CWE-434: Unrestricted Upload of File with Dangerous Type

• Unsafe File Uploads

CWE-611: Improper Restriction of XML External Entity Reference

• XML External Entity Injection (XXE)

 CWE-400: Uncontrolled Resource Consumption

• Regular Expression DoS 

CWE-502: Deserialization of Untrusted Data

• Untrusted Deserialization

CWE-269: Improper Privilege Management

• Zip File Overwrite
• HTTP Method Tampering

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request