CAPEC - CAPEC-333: WASC Threat Classification 2.0 (Release 2.0)

Home > CAPEC List > CAPEC-333: WASC Threat Classification 2.0 (Release 2.0)

CAPEC List
Full CAPEC Dictionary
Methods of Attack View
Reports

About CAPEC
Documents
Resources

Community
Related Activities
Collaboration List
T-Shirt
Contact Us

News & Events
Calendar
Free Newsletter

Compatibility
Program
Requirements
Participants
Make a Declaration

Search the Site

CAPEC-333: WASC Threat Classification 2.0

WASC Threat Classification 2.0

View ID: 333 (View: Explicit Slice)

Status: Draft

View Data

View Structure: Explicit_Slice

View Objective

CAPEC nodes in this view (graph) are associated with the WASC Threat Classification 2.0.

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to
HasMember	Category	334	WASC Threat Classification 2.0 - WASC-01 - Insufficient Authentication	WASC Threat Classification 2.0333
HasMember	Category	335	WASC Threat Classification 2.0 - WASC-02 - Insufficient Authorization	WASC Threat Classification 2.0333
HasMember	Category	336	WASC Threat Classification 2.0 - WASC-03 - Integer Overflows	WASC Threat Classification 2.0333
HasMember	Category	337	WASC Threat Classification 2.0 - WASC-04 - Insufficient Transport Layer Protection	WASC Threat Classification 2.0333
HasMember	Category	338	WASC Threat Classification 2.0 - WASC-05 - Remote File Inclusion	WASC Threat Classification 2.0333
HasMember	Category	339	WASC Threat Classification 2.0 - WASC-06 - Format String	WASC Threat Classification 2.0333
HasMember	Category	340	WASC Threat Classification 2.0 - WASC-07 - Buffer Overflow	WASC Threat Classification 2.0333
HasMember	Category	341	WASC Threat Classification 2.0 - WASC-08 - Cross-Site Scripting	WASC Threat Classification 2.0333
HasMember	Category	342	WASC Threat Classification 2.0 - WASC-09 - Cross-Site Request Forgery	WASC Threat Classification 2.0333
HasMember	Category	343	WASC Threat Classification 2.0 - WASC-10 - Denial of Service	WASC Threat Classification 2.0333
HasMember	Category	344	WASC Threat Classification 2.0 - WASC-11 - Brute Force	WASC Threat Classification 2.0333
HasMember	Category	345	WASC Threat Classification 2.0 - WASC-12 - Content Spoofing	WASC Threat Classification 2.0333
HasMember	Category	346	WASC Threat Classification 2.0 - WASC-13 - Information Leakage	WASC Threat Classification 2.0333
HasMember	Category	347	WASC Threat Classification 2.0 - WASC-14 - Server Misconfiguration	WASC Threat Classification 2.0333
HasMember	Category	348	WASC Threat Classification 2.0 - WASC-15 - Application Misconfiguration	WASC Threat Classification 2.0333
HasMember	Category	349	WASC Threat Classification 2.0 - WASC-16 - Directory Indexing	WASC Threat Classification 2.0333
HasMember	Category	350	WASC Threat Classification 2.0 - WASC-17 - Improper Filesystem Permissions	WASC Threat Classification 2.0333
HasMember	Category	351	WASC Threat Classification 2.0 - WASC-18 - Credential/Session Prediction	WASC Threat Classification 2.0333
HasMember	Category	352	WASC Threat Classification 2.0 - WASC-19 - SQL Injection	WASC Threat Classification 2.0333
HasMember	Category	353	WASC Threat Classification 2.0 - WASC-20 - Improper Input Handling	WASC Threat Classification 2.0333
HasMember	Category	354	WASC Threat Classification 2.0 - WASC-21 - Insufficient Anti-automation	WASC Threat Classification 2.0333
HasMember	Category	355	WASC Threat Classification 2.0 - WASC-22 - Improper Output Handling	WASC Threat Classification 2.0333
HasMember	Category	356	WASC Threat Classification 2.0 - WASC-23 - XML Injection	WASC Threat Classification 2.0333
HasMember	Category	357	WASC Threat Classification 2.0 - WASC-24 - HTTP Request Splitting	WASC Threat Classification 2.0333
HasMember	Category	358	WASC Threat Classification 2.0 - WASC-25 - HTTP Response Splitting	WASC Threat Classification 2.0333
HasMember	Category	359	WASC Threat Classification 2.0 - WASC-26 - HTTP Request Smuggling	WASC Threat Classification 2.0333
HasMember	Category	360	WASC Threat Classification 2.0 - WASC-27 - HTTP Response Smuggling	WASC Threat Classification 2.0333
HasMember	Category	361	WASC Threat Classification 2.0 - WASC-28 - Null Byte Injection	WASC Threat Classification 2.0333
HasMember	Category	362	WASC Threat Classification 2.0 - WASC-29 - LDAP Injection	WASC Threat Classification 2.0333
HasMember	Category	363	WASC Threat Classification 2.0 - WASC-30 - Mail Command Injection	WASC Threat Classification 2.0333
HasMember	Category	364	WASC Threat Classification 2.0 - WASC-31 - OS Commanding	WASC Threat Classification 2.0333
HasMember	Category	365	WASC Threat Classification 2.0 - WASC-32 - Routing Detour	WASC Threat Classification 2.0333
HasMember	Category	366	WASC Threat Classification 2.0 - WASC-33 - Path Traversal	WASC Threat Classification 2.0333
HasMember	Category	367	WASC Threat Classification 2.0 - WASC-34 - Predictable Resource Location	WASC Threat Classification 2.0333
HasMember	Category	368	WASC Threat Classification 2.0 - WASC-35 - SOAP Array Abuse	WASC Threat Classification 2.0333
HasMember	Category	369	WASC Threat Classification 2.0 - WASC-36 - SSI Injection	WASC Threat Classification 2.0333
HasMember	Category	370	WASC Threat Classification 2.0 - WASC-37 - Session Fixation	WASC Threat Classification 2.0333
HasMember	Category	371	WASC Threat Classification 2.0 - WASC-38 - URL Redirector Abuse	WASC Threat Classification 2.0333
HasMember	Category	372	WASC Threat Classification 2.0 - WASC-39 - XPath Injection	WASC Threat Classification 2.0333
HasMember	Category	373	WASC Threat Classification 2.0 - WASC-40 - Insufficient Process Validation	WASC Threat Classification 2.0333
HasMember	Category	374	WASC Threat Classification 2.0 - WASC-41 - XML Attribute Blowup	WASC Threat Classification 2.0333
HasMember	Category	375	WASC Threat Classification 2.0 - WASC-42 - Abuse of Functionality	WASC Threat Classification 2.0333
HasMember	Category	376	WASC Threat Classification 2.0 - WASC-43 - XML External Entities	WASC Threat Classification 2.0333
HasMember	Category	377	WASC Threat Classification 2.0 - WASC-44 - XML Entity Expansion	WASC Threat Classification 2.0333
HasMember	Category	378	WASC Threat Classification 2.0 - WASC-45 - Fingerprinting	WASC Threat Classification 2.0333
HasMember	Category	379	WASC Threat Classification 2.0 - WASC-46 - XQuery Injection	WASC Threat Classification 2.0333
HasMember	Category	380	WASC Threat Classification 2.0 - WASC-47 - Insufficient Session Expiration	WASC Threat Classification 2.0333
HasMember	Category	381	WASC Threat Classification 2.0 - WASC-48 - Insecure Indexing	WASC Threat Classification 2.0333
HasMember	Category	382	WASC Threat Classification 2.0 - WASC-49 - Insufficient Password Recovery	WASC Threat Classification 2.0333

	CAPECs in this view		Total CAPECs
Total	82	out of	474
Views	0	out of	6
Categories	55	out of	68
Attack Patterns	34	out of	400

Page Last Updated: May 18, 2012


	CAPEC is co-sponsored by the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. This Web site is sponsored and managed by The MITRE Corporation to enable stakeholder collaboration. Copyright © 2007 - 2013, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation. Contact capec@mitre.org for more information.	Privacy policy Terms of use Contact us

Common Attack Pattern Enumeration and Classification

CAPEC-333: WASC Threat Classification 2.0