cwe – Page 2 – WindowsTechs.com

How can I map CVEs to their underlying CWE?

Posted on June 9, 2020 by HelloMolle

I was tasked with developing a consistent, relatively complete map for CVEs to CWEs at my internship, and I’m kind of at a loss finding a method to find a 1-to-1 way to map CVEs onto CWEs. Ideally, this would all be automated in the end. T… Continue reading How can I map CVEs to their underlying CWE?→

MITRE Releases an Update to The Common Weakness Enumeration (CWE)

Posted on March 12, 2020 by Anthony Israel-Davis

MITRE has been doing exceptional work in advancing cybersecurity as a public good, and it is an excellent resource for security professionals. Possibly best known for their ATT&CK Framework, a rich source of adversarial tactics and techniques and t… Continue reading MITRE Releases an Update to The Common Weakness Enumeration (CWE)→

Top 25 Most Dangerous Vulnerabilities, Smart City Privacy, DuckDuckGo vs. Google

Posted on December 6, 2019 by Tom Eston

In episode 94 of our monthly show for November 2019: The 25 most dangerous vulnerabilities, the privacy of new “smart cities”, and which search engine keeps your searches more private? It’s DuckDuckGo vs. Google! ** Show notes and lin… Continue reading Top 25 Most Dangerous Vulnerabilities, Smart City Privacy, DuckDuckGo vs. Google→

SQL Injection loses #1 spot as most dangerous attack technique

Posted on December 4, 2019 by Filip Truta

The Common Weakness Enumeration (CWE), a community-developed compilation of the most critical errors leading to vulnerabilities in software, has lowered SQL Injection from its #1 spot as the most dangerous attack technique. SQL Injection, one of the ol… Continue reading SQL Injection loses #1 spot as most dangerous attack technique→

No surprises in the top 25 most dangerous software errors

Posted on September 19, 2019 by Danny Bradbury

An in-depth study of reported bugs has produced a list of the top 25 bug categories in software today – with some old familiar names topping the list. Continue reading No surprises in the top 25 most dangerous software errors→

CWE-611: Improper Restriction of XML External Entity Reference with XSL include

Posted on August 23, 2019 by Hoppe

Veracode reports that the below code is susceptible to CWE-611: Improper Restriction of XML External Entity Reference.

XslCompiledTransform transform = new XslCompiledTransform();
transform.Load(xslwithospath);
StringWriter … Continue reading CWE-611: Improper Restriction of XML External Entity Reference with XSL include→

Faults vs weaknesses

Posted on December 11, 2018 by Ecterion

I am trying to make the link between faults and weaknesses (As defined by Common Weaknesses Enumeration).
The word "fault" is generally used in the reliability domain, to designate the cause of an error i.e., the cause of the dev… Continue reading Faults vs weaknesses→

CWE-234 – Snprintf Missing Parameter issues

Posted on October 2, 2018 by Smitch

We are scanning a third party library using a well know static analysis tool here.

We keep getting:

“Failure to Handle Missing Parameter CWE ID 234”

I’m not a C developer but I can’t see what is different or wrong with… Continue reading CWE-234 – Snprintf Missing Parameter issues→

How to find CAPEC items related to a CVE

Posted on June 6, 2018 by drdrek

Vulnerabilities with a CVE usually also have a CWE associated with them, but almost never CAPEC. CWE’s site also only very rarely points to related CAPEC items.

Is there a way to find a CVE’s related CAPEC items? or a mappi… Continue reading How to find CAPEC items related to a CVE→

Categorizing a data leak which is intentionally / by carelessness / by design

Posted on April 16, 2018 by Marcel

I have found a publicly accessible web page which discloses person-related data when queried with matching input data. This is against the company’s own data protection promise. I want to report responsibly with a proper desc… Continue reading Categorizing a data leak which is intentionally / by carelessness / by design→