Categories
375 curated groupings of CWE weaknesses by software fault pattern, OWASP topic, and CWE view.
2009 Top 25 - Insecure Interaction Between Components
Weaknesses in this category are listed in the "Insecure Interaction Between Components" section of the 2009 CWE/SANS Top 25 Programming…
9 weaknesses

CAT-753 2009 Top 25 - Porous Defenses
Weaknesses in this category are listed in the "Porous Defenses" section of the 2009 CWE/SANS Top 25 Programming Errors.
8 weaknesses

CAT-752 2009 Top 25 - Risky Resource Management
Weaknesses in this category are listed in the "Risky Resource Management" section of the 2009 CWE/SANS Top 25 Programming Errors.
9 weaknesses

CAT-801 2010 Top 25 - Insecure Interaction Between Components
Weaknesses in this category are listed in the "Insecure Interaction Between Components" section of the 2010 CWE/SANS Top 25 Programming…
8 weaknesses

CAT-803 2010 Top 25 - Porous Defenses
Weaknesses in this category are listed in the "Porous Defenses" section of the 2010 CWE/SANS Top 25 Programming Errors.
7 weaknesses

CAT-802 2010 Top 25 - Risky Resource Management
Weaknesses in this category are listed in the "Risky Resource Management" section of the 2010 CWE/SANS Top 25 Programming Errors.
10 weaknesses

CAT-808 2010 Top 25 - Weaknesses On the Cusp
Weaknesses in this category are not part of the general Top 25, but they were part of the original nominee list from which the Top 25 was…
16 weaknesses

CAT-864 2011 Top 25 - Insecure Interaction Between Components
Weaknesses in this category are listed in the "Insecure Interaction Between Components" section of the 2011 CWE/SANS Top 25 Most Dangerous…
7 weaknesses

CAT-866 2011 Top 25 - Porous Defenses
Weaknesses in this category are listed in the "Porous Defenses" section of the 2011 CWE/SANS Top 25 Most Dangerous Software Errors.
11 weaknesses

CAT-865 2011 Top 25 - Risky Resource Management
Weaknesses in this category are listed in the "Risky Resource Management" section of the 2011 CWE/SANS Top 25 Most Dangerous Software…
7 weaknesses

CAT-867 2011 Top 25 - Weaknesses On the Cusp
Weaknesses in this category are not part of the general Top 25, but they were part of the original nominee list from which the Top 25 was…
16 weaknesses

CAT-1433 2025 MIHW Supplement: Expert Insights
Weaknesses in this category were not included in the 2025 Most Important Hardware Weaknesses (MIHW) because they did not have sufficient…
5 weaknesses

CAT-227 7PK - API Abuse
This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses that…
10 weaknesses

CAT-398 7PK - Code Quality
This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses that do…
9 weaknesses

CAT-485 7PK - Encapsulation
This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses that occur…
10 weaknesses

CAT-2 7PK - Environment
This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses that are…
9 weaknesses

CAT-388 7PK - Errors
This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses that occur…
4 weaknesses

CAT-1005 7PK - Input Validation and Representation
This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses that exist…
5 weaknesses

CAT-254 7PK - Security Features
Software security is not security software. Here we're concerned with topics like authentication, access control, confidentiality,…
11 weaknesses

CAT-361 7PK - Time and State
This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses related to…
7 weaknesses

CAT-1228 API / Function Errors
Weaknesses in this category are related to the use of built-in functions or external APIs.
7 weaknesses

CAT-1009 Audit
Weaknesses in this category are related to the design and architecture of audit-based components of the system. Frequently these deal with…
6 weaknesses

CAT-1210 Audit / Logging Errors
Weaknesses in this category are related to audit-based components of a software system. Frequently these deal with logging user activities…
6 weaknesses

CAT-1010 Authenticate Actors
Weaknesses in this category are related to the design and architecture of authentication components of the system. Frequently these deal…
28 weaknesses

CAT-1211 Authentication Errors
Weaknesses in this category are related to authentication components of a system. Frequently these deal with the ability to verify that an…
16 weaknesses

CAT-1212 Authorization Errors
Weaknesses in this category are related to authorization components of a system. Frequently these deal with the ability to enforce that…
9 weaknesses

CAT-1011 Authorize Actors
Weaknesses in this category are related to the design and architecture of a system's authorization components. Frequently these deal with…
60 weaknesses

CAT-1006 Bad Coding Practices
Weaknesses in this category are related to coding practices that are deemed unsafe and increase the chances that an exploitable…
60 weaknesses

CAT-438 Behavioral Problems
Weaknesses in this category are related to unexpected behaviors from code that an application uses.
19 weaknesses

CAT-840 Business Logic Errors
Weaknesses in this category identify some of the underlying problems that commonly allow attackers to manipulate the business logic of an…
8 weaknesses

CAT-748 CERT C Secure Coding Standard (2008) Appendix - POSIX (POS)
Weaknesses in this category are related to the rules and recommendations in the POSIX (POS) appendix of the CERT C Secure Coding Standard…
11 weaknesses

CAT-743 CERT C Secure Coding Standard (2008) Chapter 10 - Input Output (FIO)
Weaknesses in this category are related to the rules and recommendations in the Input Output (FIO) chapter of the CERT C Secure Coding…
26 weaknesses

CAT-744 CERT C Secure Coding Standard (2008) Chapter 11 - Environment (ENV)
Weaknesses in this category are related to the rules and recommendations in the Environment (ENV) chapter of the CERT C Secure Coding…
6 weaknesses

CAT-745 CERT C Secure Coding Standard (2008) Chapter 12 - Signals (SIG)
Weaknesses in this category are related to the rules and recommendations in the Signals (SIG) chapter of the CERT C Secure Coding Standard…
2 weaknesses

CAT-746 CERT C Secure Coding Standard (2008) Chapter 13 - Error Handling (ERR)
Weaknesses in this category are related to the rules and recommendations in the Error Handling (ERR) chapter of the CERT C Secure Coding…
5 weaknesses

CAT-747 CERT C Secure Coding Standard (2008) Chapter 14 - Miscellaneous (MSC)
Weaknesses in this category are related to the rules and recommendations in the Miscellaneous (MSC) chapter of the CERT C Secure Coding…
12 weaknesses

CAT-735 CERT C Secure Coding Standard (2008) Chapter 2 - Preprocessor (PRE)
Weaknesses in this category are related to the rules and recommendations in the Preprocessor (PRE) chapter of the CERT C Secure Coding…
1 weakness

CAT-736 CERT C Secure Coding Standard (2008) Chapter 3 - Declarations and Initialization (DCL)
Weaknesses in this category are related to the rules and recommendations in the Declarations and Initialization (DCL) chapter of the CERT…
3 weaknesses

CAT-737 CERT C Secure Coding Standard (2008) Chapter 4 - Expressions (EXP)
Weaknesses in this category are related to the rules and recommendations in the Expressions (EXP) chapter of the CERT C Secure Coding…
6 weaknesses

CAT-738 CERT C Secure Coding Standard (2008) Chapter 5 - Integers (INT)
Weaknesses in this category are related to the rules and recommendations in the Integers (INT) chapter of the CERT C Secure Coding…
12 weaknesses

CAT-739 CERT C Secure Coding Standard (2008) Chapter 6 - Floating Point (FLP)
Weaknesses in this category are related to the rules and recommendations in the Floating Point (FLP) chapter of the CERT C Secure Coding…
4 weaknesses

CAT-740 CERT C Secure Coding Standard (2008) Chapter 7 - Arrays (ARR)
Weaknesses in this category are related to the rules and recommendations in the Arrays (ARR) chapter of the CERT C Secure Coding Standard…
6 weaknesses

CAT-741 CERT C Secure Coding Standard (2008) Chapter 8 - Characters and Strings (STR)
Weaknesses in this category are related to the rules and recommendations in the Characters and Strings (STR) chapter of the CERT C Secure…
10 weaknesses

CAT-742 CERT C Secure Coding Standard (2008) Chapter 9 - Memory Management (MEM)
Weaknesses in this category are related to the rules and recommendations in the Memory Management (MEM) chapter of the CERT C Secure…
18 weaknesses

CAT-869 CERT C++ Secure Coding Section 01 - Preprocessor (PRE)
Weaknesses in this category are related to rules in the Preprocessor (PRE) section of the CERT C++ Secure Coding Standard. Since not all…
0 weaknesses

CAT-870 CERT C++ Secure Coding Section 02 - Declarations and Initialization (DCL)
Weaknesses in this category are related to rules in the Declarations and Initialization (DCL) section of the CERT C++ Secure Coding…
0 weaknesses

CAT-871 CERT C++ Secure Coding Section 03 - Expressions (EXP)
Weaknesses in this category are related to rules in the Expressions (EXP) section of the CERT C++ Secure Coding Standard. Since not all…
3 weaknesses

CAT-872 CERT C++ Secure Coding Section 04 - Integers (INT)
Weaknesses in this category are related to rules in the Integers (INT) section of the CERT C++ Secure Coding Standard. Since not all rules…
12 weaknesses

CAT-873 CERT C++ Secure Coding Section 05 - Floating Point Arithmetic (FLP)
Weaknesses in this category are related to rules in the Floating Point Arithmetic (FLP) section of the CERT C++ Secure Coding Standard.…
4 weaknesses

CAT-874 CERT C++ Secure Coding Section 06 - Arrays and the STL (ARR)
Weaknesses in this category are related to rules in the Arrays and the STL (ARR) section of the CERT C++ Secure Coding Standard. Since not…
6 weaknesses

CAT-875 CERT C++ Secure Coding Section 07 - Characters and Strings (STR)
Weaknesses in this category are related to rules in the Characters and Strings (STR) section of the CERT C++ Secure Coding Standard. Since…
9 weaknesses

CAT-876 CERT C++ Secure Coding Section 08 - Memory Management (MEM)
Weaknesses in this category are related to rules in the Memory Management (MEM) section of the CERT C++ Secure Coding Standard. Since not…
24 weaknesses

CAT-877 CERT C++ Secure Coding Section 09 - Input Output (FIO)
Weaknesses in this category are related to rules in the Input Output (FIO) section of the CERT C++ Secure Coding Standard. Since not all…
27 weaknesses

CAT-878 CERT C++ Secure Coding Section 10 - Environment (ENV)
Weaknesses in this category are related to rules in the Environment (ENV) section of the CERT C++ Secure Coding Standard. Since not all…
7 weaknesses

CAT-879 CERT C++ Secure Coding Section 11 - Signals (SIG)
Weaknesses in this category are related to rules in the Signals (SIG) section of the CERT C++ Secure Coding Standard. Since not all rules…
2 weaknesses

CAT-880 CERT C++ Secure Coding Section 12 - Exceptions and Error Handling (ERR)
Weaknesses in this category are related to rules in the Exceptions and Error Handling (ERR) section of the CERT C++ Secure Coding…
10 weaknesses

CAT-881 CERT C++ Secure Coding Section 13 - Object Oriented Programming (OOP)
Weaknesses in this category are related to rules in the Object Oriented Programming (OOP) section of the CERT C++ Secure Coding Standard.…
0 weaknesses

CAT-882 CERT C++ Secure Coding Section 14 - Concurrency (CON)
Weaknesses in this category are related to rules in the Concurrency (CON) section of the CERT C++ Secure Coding Standard. Since not all…
5 weaknesses

CAT-883 CERT C++ Secure Coding Section 49 - Miscellaneous (MSC)
Weaknesses in this category are related to rules in the Miscellaneous (MSC) section of the CERT C++ Secure Coding Standard. Since not all…
14 weaknesses

CAT-1309 CISQ Quality Measures - Efficiency
Weaknesses in this category are related to the CISQ Quality Measures for Efficiency. Presence of these weaknesses could reduce the…
15 weaknesses

CAT-1307 CISQ Quality Measures - Maintainability
Weaknesses in this category are related to the CISQ Quality Measures for Maintainability. Presence of these weaknesses could reduce the…
28 weaknesses

CAT-1306 CISQ Quality Measures - Reliability
Weaknesses in this category are related to the CISQ Quality Measures for Reliability. Presence of these weaknesses could reduce the…
34 weaknesses

CAT-1308 CISQ Quality Measures - Security
Weaknesses in this category are related to the CISQ Quality Measures for Security. Presence of these weaknesses could reduce the security…
34 weaknesses

CAT-1130 CISQ Quality Measures (2016) - Maintainability
Weaknesses in this category are related to the CISQ Quality Measures for Maintainability, as documented in 2016 with the Automated Source…
20 weaknesses

CAT-1132 CISQ Quality Measures (2016) - Performance Efficiency
Weaknesses in this category are related to the CISQ Quality Measures for Performance Efficiency, as documented in 2016 with the Automated…
14 weaknesses

CAT-1129 CISQ Quality Measures (2016) - Reliability
Weaknesses in this category are related to the CISQ Quality Measures for Reliability, as documented in 2016 with the Automated Source Code…
28 weaknesses

CAT-1131 CISQ Quality Measures (2016) - Security
Weaknesses in this category are related to the CISQ Quality Measures for Security, as documented in 2016 with the Automated Source Code…
22 weaknesses

CAT-417 Communication Channel Errors
Weaknesses in this category are related to improper handling of communication channels and access paths. These weaknesses include problems…
12 weaknesses

CAT-1226 Complexity Issues
Weaknesses in this category are associated with things being overly complex.
18 weaknesses

CAT-1396 Comprehensive Categorization: Access Control
Weaknesses in this category are related to access control.
156 weaknesses

CAT-1397 Comprehensive Categorization: Comparison
Weaknesses in this category are related to comparison.
16 weaknesses

CAT-1398 Comprehensive Categorization: Component Interaction
Weaknesses in this category are related to component interaction.
11 weaknesses

CAT-1401 Comprehensive Categorization: Concurrency
Weaknesses in this category are related to concurrency.
37 weaknesses

CAT-1402 Comprehensive Categorization: Encryption
Weaknesses in this category are related to encryption.
23 weaknesses

CAT-1403 Comprehensive Categorization: Exposed Resource
Weaknesses in this category are related to exposed resource.
45 weaknesses

CAT-1404 Comprehensive Categorization: File Handling
Weaknesses in this category are related to file handling.
46 weaknesses

CAT-1405 Comprehensive Categorization: Improper Check or Handling of Exceptional Conditions
Weaknesses in this category are related to improper check or handling of exceptional conditions.
16 weaknesses

CAT-1406 Comprehensive Categorization: Improper Input Validation
Weaknesses in this category are related to improper input validation.
18 weaknesses

CAT-1407 Comprehensive Categorization: Improper Neutralization
Weaknesses in this category are related to improper neutralization.
68 weaknesses

CAT-1408 Comprehensive Categorization: Incorrect Calculation
Weaknesses in this category are related to incorrect calculation.
12 weaknesses

CAT-1409 Comprehensive Categorization: Injection
Weaknesses in this category are related to injection.
42 weaknesses

CAT-1410 Comprehensive Categorization: Insufficient Control Flow Management
Weaknesses in this category are related to insufficient control flow management.
38 weaknesses

CAT-1411 Comprehensive Categorization: Insufficient Verification of Data Authenticity
Weaknesses in this category are related to insufficient verification of data authenticity.
16 weaknesses

CAT-1399 Comprehensive Categorization: Memory Safety
Weaknesses in this category are related to memory safety.
37 weaknesses

CAT-1412 Comprehensive Categorization: Poor Coding Practices
Weaknesses in this category are related to poor coding practices.
142 weaknesses

CAT-1413 Comprehensive Categorization: Protection Mechanism Failure
Weaknesses in this category are related to protection mechanism failure.
24 weaknesses

CAT-1414 Comprehensive Categorization: Randomness
Weaknesses in this category are related to randomness.
20 weaknesses

CAT-1415 Comprehensive Categorization: Resource Control
Weaknesses in this category are related to resource control.
17 weaknesses

CAT-1416 Comprehensive Categorization: Resource Lifecycle Management
Weaknesses in this category are related to resource lifecycle management.
107 weaknesses

CAT-1417 Comprehensive Categorization: Sensitive Information Exposure
Weaknesses in this category are related to sensitive information exposure.
36 weaknesses

CAT-1418 Comprehensive Categorization: Violation of Secure Design Principles
Weaknesses in this category are related to violation of secure design principles.
17 weaknesses

CAT-557 Concurrency Issues
Weaknesses in this category are related to concurrent use of shared resources.
11 weaknesses

CAT-16 Configuration
Weaknesses in this category are typically introduced during the configuration of the software.
0 weaknesses

CAT-1201 Core and Compute Issues
Weaknesses in this category are typically associated with CPUs, Graphics, Vision, AI, FPGA, and microcontrollers.
4 weaknesses

CAT-255 Credentials Management Errors
Weaknesses in this category are related to the management of credentials.
15 weaknesses

CAT-1012 Cross Cutting
Weaknesses in this category are related to the design and architecture of multiple security tactics and how they affect a system. For…
9 weaknesses

CAT-1208 Cross-Cutting Problems
Weaknesses in this category can arise in multiple areas of hardware design or can apply to a wide cross-section of components.
9 weaknesses

CAT-310 Cryptographic Issues
Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with…
12 weaknesses

CAT-1214 Data Integrity Issues
Weaknesses in this category are related to a software system's data integrity components. Frequently these deal with the ability to ensure…
13 weaknesses

CAT-137 Data Neutralization Issues
Weaknesses in this category are related to the creation or neutralization of data using an incorrect format.
20 weaknesses

CAT-19 Data Processing Errors
Weaknesses in this category are typically found in functionality that processes data. Data processing is the manipulation of input to…
19 weaknesses

CAT-1215 Data Validation Issues
Weaknesses in this category are related to a software system's components for input validation, output validation, or other kinds of…
13 weaknesses

CAT-1207 Debug and Test Problems
Weaknesses in this category are related to hardware debug and test interfaces such as JTAG and scan chain.
12 weaknesses

CAT-1225 Documentation Issues
Weaknesses in this category are related to the documentation provided to support, create, or analyze a product.
6 weaknesses

CAT-1227 Encapsulation Issues
Weaknesses in this category are related to issues surrounding the bundling of data with the methods intended to operate on that data.
7 weaknesses

CAT-1013 Encrypt Data
Weaknesses in this category are related to the design and architecture of data confidentiality in a system. Frequently these deal with the…
38 weaknesses

CAT-389 Error Conditions, Return Values, Status Codes
This category includes weaknesses that occur if a function does not generate the correct return/status code, or if the application does…
16 weaknesses

CAT-569 Expression Issues
Weaknesses in this category are related to incorrectly written expressions within code.
4 weaknesses

CAT-1219 File Handling Issues
Weaknesses in this category are related to the handling of files within a software system. Files, directories, and folders are so central…
9 weaknesses

CAT-1199 General Circuit and Logic Design Concerns
Weaknesses in this category are related to hardware-circuit design and logic (e.g., CMOS transistors, finite state machines, and…
14 weaknesses

CAT-429 Handler Errors
Weaknesses in this category are related to improper management of handlers.
3 weaknesses

CAT-1359 ICS Communications
Weaknesses in this category are related to the "ICS Communications" super category from the SEI ETF "Categories of Security…
3 weaknesses

CAT-1366 ICS Communications: Frail Security in Protocols
Weaknesses in this category are related to the "Frail Security in Protocols" category from the SEI ETF "Categories of Security…
26 weaknesses

CAT-1365 ICS Communications: Unreliability
Weaknesses in this category are related to the "Unreliability" category from the SEI ETF "Categories of Security Vulnerabilities in ICS"…
11 weaknesses

CAT-1364 ICS Communications: Zone Boundary Failures
Weaknesses in this category are related to the "Zone Boundary Failures" category from the SEI ETF "Categories of Security Vulnerabilities…
19 weaknesses

CAT-1360 ICS Dependencies (& Architecture)
Weaknesses in this category are related to the "ICS Dependencies (& Architecture)" super category from the SEI ETF "Categories of Security…
2 weaknesses

CAT-1368 ICS Dependencies (& Architecture): External Digital Systems
Weaknesses in this category are related to the "External Digital Systems" category from the SEI ETF "Categories of Security…
16 weaknesses

CAT-1367 ICS Dependencies (& Architecture): External Physical Systems
Weaknesses in this category are related to the "External Physical Systems" category from the SEI ETF "Categories of Security…
4 weaknesses

CAT-1375 ICS Engineering (Construction/Deployment): Gaps in Details/Data
Weaknesses in this category are related to the "Gaps in Details/Data" category from the SEI ETF "Categories of Security Vulnerabilities in…
5 weaknesses

CAT-1377 ICS Engineering (Construction/Deployment): Inherent Predictability in Design
Weaknesses in this category are related to the "Inherent Predictability in Design" category from the SEI ETF "Categories of Security…
1 weakness

CAT-1374 ICS Engineering (Construction/Deployment): Maker Breaker Blindness
Weaknesses in this category are related to the "Maker Breaker Blindness" category from the SEI ETF "Categories of Security Vulnerabilities…
0 weaknesses

CAT-1376 ICS Engineering (Construction/Deployment): Security Gaps in Commissioning
Weaknesses in this category are related to the "Security Gaps in Commissioning" category from the SEI ETF "Categories of Security…
3 weaknesses

CAT-1373 ICS Engineering (Construction/Deployment): Trust Model Problems
Weaknesses in this category are related to the "Trust Model Problems" category from the SEI ETF "Categories of Security Vulnerabilities in…
3 weaknesses

CAT-1362 ICS Engineering (Constructions/Deployment)
Weaknesses in this category are related to the "ICS Engineering (Constructions/Deployment)" super category from the SEI ETF "Categories of…
5 weaknesses

CAT-1363 ICS Operations (& Maintenance)
Weaknesses in this category are related to the "ICS Operations (& Maintenance)" super category from the SEI ETF "Categories of Security…
6 weaknesses

CAT-1383 ICS Operations (& Maintenance): Compliance/Conformance with Regulatory Requirements
Weaknesses in this category are related to the "Compliance/Conformance with Regulatory Requirements" category from the SEI ETF "Categories…
1 weakness

CAT-1382 ICS Operations (& Maintenance): Emerging Energy Technologies
Weaknesses in this category are related to the "Emerging Energy Technologies" category from the SEI ETF "Categories of Security…
7 weaknesses

CAT-1381 ICS Operations (& Maintenance): Exploitable Standard Operational Procedures
Weaknesses in this category are related to the "Exploitable Standard Operational Procedures" category from the SEI ETF "Categories of…
0 weaknesses

CAT-1378 ICS Operations (& Maintenance): Gaps in obligations and training
Weaknesses in this category are related to the "Gaps in obligations and training" category from the SEI ETF "Categories of Security…
0 weaknesses

CAT-1379 ICS Operations (& Maintenance): Human factors in ICS environments
Weaknesses in this category are related to the "Human factors in ICS environments" category from the SEI ETF "Categories of Security…
2 weaknesses

CAT-1380 ICS Operations (& Maintenance): Post-analysis changes
Weaknesses in this category are related to the "Post-analysis changes" category from the SEI ETF "Categories of Security Vulnerabilities…
0 weaknesses

CAT-1361 ICS Supply Chain
Weaknesses in this category are related to the "ICS Supply Chain" super category from the SEI ETF "Categories of Security Vulnerabilities…
4 weaknesses

CAT-1370 ICS Supply Chain: Common Mode Frailties
Weaknesses in this category are related to the "Common Mode Frailties" category from the SEI ETF "Categories of Security Vulnerabilities…
6 weaknesses

CAT-1369 ICS Supply Chain: IT/OT Convergence/Expansion
Weaknesses in this category are related to the "IT/OT Convergence/Expansion" category from the SEI ETF "Categories of Security…
2 weaknesses

CAT-1372 ICS Supply Chain: OT Counterfeit and Malicious Corruption
Weaknesses in this category are related to the "OT Counterfeit and Malicious Corruption" category from the SEI ETF "Categories of Security…
5 weaknesses

CAT-1371 ICS Supply Chain: Poorly Documented or Undocumented Features
Weaknesses in this category are related to the "Poorly Documented or Undocumented Features" category from the SEI ETF "Categories of…
4 weaknesses

CAT-1014 Identify Actors
Weaknesses in this category are related to the design and architecture of a system's identification management components. Frequently…
12 weaknesses

CAT-199 Information Management Errors
Weaknesses in this category are related to improper handling of sensitive information.
17 weaknesses

CAT-452 Initialization and Cleanup Errors
Weaknesses in this category occur in behaviors that are used for initialization and breakdown.
7 weaknesses

CAT-1197 Integration Issues
Weaknesses in this category are those that arise due to integration of multiple hardware Intellectual Property (IP) cores, from…
1 weakness

CAT-320 Key Management Errors
Weaknesses in this category are related to errors in the management of cryptographic keys.
4 weaknesses

CAT-1015 Limit Access
Weaknesses in this category are related to the design and architecture of system resources. Frequently these deal with restricting the…
8 weaknesses

CAT-1016 Limit Exposure
Weaknesses in this category are related to the design and architecture of the entry points to a system. Frequently these deal with…
6 weaknesses

CAT-1017 Lock Computer
Weaknesses in this category are related to the design and architecture of a system's lockout mechanism. Frequently these deal with…
1 weakness

CAT-1216 Lockout Mechanism Errors
Weaknesses in this category are related to a software system's lockout mechanism. Frequently these deal with scenarios that take effect in…
1 weakness

CAT-1018 Manage User Sessions
Weaknesses in this category are related to the design and architecture of session management. Frequently these deal with the information…
6 weaknesses

CAT-1195 Manufacturing and Life Cycle Management Concerns
Weaknesses in this category are root-caused to defects that arise in the semiconductor-manufacturing process or during the life cycle and…
6 weaknesses

CAT-1202 Memory and Storage Issues
Weaknesses in this category are typically associated with memory (e.g., DRAM, SRAM) and storage technologies (e.g., NAND Flash, OTP,…
6 weaknesses

CAT-1218 Memory Buffer Errors
Weaknesses in this category are related to the handling of memory buffers within a software system.
9 weaknesses

CAT-189 Numeric Errors
Weaknesses in this category are related to improper calculation or conversion of numbers.
10 weaknesses

CAT-251 Often Misused: String Management
Functions that manipulate strings encourage buffer overflows.
0 weaknesses

CAT-722 OWASP Top Ten 2004 Category A1 - Unvalidated Input
Weaknesses in this category are related to the A1 category in the OWASP Top Ten 2004.
21 weaknesses

CAT-731 OWASP Top Ten 2004 Category A10 - Insecure Configuration Management
Weaknesses in this category are related to the A10 category in the OWASP Top Ten 2004.
30 weaknesses

CAT-723 OWASP Top Ten 2004 Category A2 - Broken Access Control
Weaknesses in this category are related to the A2 category in the OWASP Top Ten 2004.
17 weaknesses

CAT-724 OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management
Weaknesses in this category are related to the A3 category in the OWASP Top Ten 2004.
18 weaknesses

CAT-725 OWASP Top Ten 2004 Category A4 - Cross-Site Scripting (XSS) Flaws
Weaknesses in this category are related to the A4 category in the OWASP Top Ten 2004.
2 weaknesses

CAT-726 OWASP Top Ten 2004 Category A5 - Buffer Overflows
Weaknesses in this category are related to the A5 category in the OWASP Top Ten 2004.
3 weaknesses

CAT-727 OWASP Top Ten 2004 Category A6 - Injection Flaws
Weaknesses in this category are related to the A6 category in the OWASP Top Ten 2004.
8 weaknesses

CAT-728 OWASP Top Ten 2004 Category A7 - Improper Error Handling
Weaknesses in this category are related to the A7 category in the OWASP Top Ten 2004.
10 weaknesses

CAT-729 OWASP Top Ten 2004 Category A8 - Insecure Storage
Weaknesses in this category are related to the A8 category in the OWASP Top Ten 2004.
10 weaknesses

CAT-730 OWASP Top Ten 2004 Category A9 - Denial of Service
Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2004.
12 weaknesses

CAT-712 OWASP Top Ten 2007 Category A1 - Cross Site Scripting (XSS)
Weaknesses in this category are related to the A1 category in the OWASP Top Ten 2007.
1 weakness

CAT-721 OWASP Top Ten 2007 Category A10 - Failure to Restrict URL Access
Weaknesses in this category are related to the A10 category in the OWASP Top Ten 2007.
3 weaknesses

CAT-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
Weaknesses in this category are related to the A2 category in the OWASP Top Ten 2007.
5 weaknesses

CAT-714 OWASP Top Ten 2007 Category A3 - Malicious File Execution
Weaknesses in this category are related to the A3 category in the OWASP Top Ten 2007.
4 weaknesses

CAT-715 OWASP Top Ten 2007 Category A4 - Insecure Direct Object Reference
Weaknesses in this category are related to the A4 category in the OWASP Top Ten 2007.
3 weaknesses

CAT-716 OWASP Top Ten 2007 Category A5 - Cross Site Request Forgery (CSRF)
Weaknesses in this category are related to the A5 category in the OWASP Top Ten 2007.
1 weakness

CAT-717 OWASP Top Ten 2007 Category A6 - Information Leakage and Improper Error Handling
Weaknesses in this category are related to the A6 category in the OWASP Top Ten 2007.
4 weaknesses

CAT-718 OWASP Top Ten 2007 Category A7 - Broken Authentication and Session Management
Weaknesses in this category are related to the A7 category in the OWASP Top Ten 2007.
3 weaknesses

CAT-719 OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage
Weaknesses in this category are related to the A8 category in the OWASP Top Ten 2007.
4 weaknesses

CAT-720 OWASP Top Ten 2007 Category A9 - Insecure Communications
Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2007.
4 weaknesses

CAT-810 OWASP Top Ten 2010 Category A1 - Injection
Weaknesses in this category are related to the A1 category in the OWASP Top Ten 2010.
5 weaknesses

CAT-819 OWASP Top Ten 2010 Category A10 - Unvalidated Redirects and Forwards
Weaknesses in this category are related to the A10 category in the OWASP Top Ten 2010.
1 weakness

CAT-811 OWASP Top Ten 2010 Category A2 - Cross-Site Scripting (XSS)
Weaknesses in this category are related to the A2 category in the OWASP Top Ten 2010.
1 weakness

CAT-812 OWASP Top Ten 2010 Category A3 - Broken Authentication and Session Management
Weaknesses in this category are related to the A3 category in the OWASP Top Ten 2010.
4 weaknesses

CAT-813 OWASP Top Ten 2010 Category A4 - Insecure Direct Object References
Weaknesses in this category are related to the A4 category in the OWASP Top Ten 2010.
7 weaknesses
CAT-814 OWASP Top Ten 2010 Category A5 - Cross-Site Request Forgery(CSRF)
Weaknesses in this category are related to the A5 category in the OWASP Top Ten 2010.
1 weakness
CAT-815 OWASP Top Ten 2010 Category A6 - Security Misconfiguration
Weaknesses in this category are related to the A6 category in the OWASP Top Ten 2010.
6 weaknesses
CAT-816 OWASP Top Ten 2010 Category A7 - Insecure Cryptographic Storage
Weaknesses in this category are related to the A7 category in the OWASP Top Ten 2010.
5 weaknesses
CAT-817 OWASP Top Ten 2010 Category A8 - Failure to Restrict URL Access
Weaknesses in this category are related to the A8 category in the OWASP Top Ten 2010.
3 weaknesses
CAT-818 OWASP Top Ten 2010 Category A9 - Insufficient Transport Layer Protection
Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2010.
2 weaknesses
CAT-929 OWASP Top Ten 2013 Category A1 - Injection
Weaknesses in this category are related to the A1 category in the OWASP Top Ten 2013.
9 weaknesses
CAT-938 OWASP Top Ten 2013 Category A10 - Unvalidated Redirects and Forwards
Weaknesses in this category are related to the A10 category in the OWASP Top Ten 2013.
1 weakness
CAT-930 OWASP Top Ten 2013 Category A2 - Broken Authentication and Session Management
Weaknesses in this category are related to the A2 category in the OWASP Top Ten 2013.
9 weaknesses
CAT-931 OWASP Top Ten 2013 Category A3 - Cross-Site Scripting (XSS)
Weaknesses in this category are related to the A3 category in the OWASP Top Ten 2013.
1 weakness
CAT-932 OWASP Top Ten 2013 Category A4 - Insecure Direct Object References
Weaknesses in this category are related to the A4 category in the OWASP Top Ten 2013.
4 weaknesses
CAT-933 OWASP Top Ten 2013 Category A5 - Security Misconfiguration
Weaknesses in this category are related to the A5 category in the OWASP Top Ten 2013.
5 weaknesses
CAT-934 OWASP Top Ten 2013 Category A6 - Sensitive Data Exposure
Weaknesses in this category are related to the A6 category in the OWASP Top Ten 2013.
8 weaknesses
CAT-935 OWASP Top Ten 2013 Category A7 - Missing Function Level Access Control
Weaknesses in this category are related to the A7 category in the OWASP Top Ten 2013.
1 weakness
CAT-936 OWASP Top Ten 2013 Category A8 - Cross-Site Request Forgery (CSRF)
Weaknesses in this category are related to the A8 category in the OWASP Top Ten 2013.
1 weakness
CAT-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
0 weaknesses
CAT-1027 OWASP Top Ten 2017 Category A1 - Injection
Weaknesses in this category are related to the A1 category in the OWASP Top Ten 2017.
9 weaknesses
CAT-1036 OWASP Top Ten 2017 Category A10 - Insufficient Logging & Monitoring
Weaknesses in this category are related to the A10 category in the OWASP Top Ten 2017.
2 weaknesses
CAT-1028 OWASP Top Ten 2017 Category A2 - Broken Authentication
Weaknesses in this category are related to the A2 category in the OWASP Top Ten 2017.
9 weaknesses
CAT-1029 OWASP Top Ten 2017 Category A3 - Sensitive Data Exposure
Weaknesses in this category are related to the A3 category in the OWASP Top Ten 2017.
11 weaknesses
CAT-1030 OWASP Top Ten 2017 Category A4 - XML External Entities (XXE)
Weaknesses in this category are related to the A4 category in the OWASP Top Ten 2017.
2 weaknesses
CAT-1031 OWASP Top Ten 2017 Category A5 - Broken Access Control
Weaknesses in this category are related to the A5 category in the OWASP Top Ten 2017.
5 weaknesses
CAT-1032 OWASP Top Ten 2017 Category A6 - Security Misconfiguration
Weaknesses in this category are related to the A6 category in the OWASP Top Ten 2017.
3 weaknesses
CAT-1033 OWASP Top Ten 2017 Category A7 - Cross-Site Scripting (XSS)
Weaknesses in this category are related to the A7 category in the OWASP Top Ten 2017.
1 weakness
CAT-1034 OWASP Top Ten 2017 Category A8 - Insecure Deserialization
Weaknesses in this category are related to the A8 category in the OWASP Top Ten 2017.
1 weakness
CAT-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
0 weaknesses
CAT-1345 OWASP Top Ten 2021 Category A01:2021 - Broken Access Control
Weaknesses in this category are related to the A01 category "Broken Access Control" in the OWASP Top Ten 2021.
34 weaknesses
CAT-1346 OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures
Weaknesses in this category are related to the A02 category "Cryptographic Failures" in the OWASP Top Ten 2021.
29 weaknesses
CAT-1347 OWASP Top Ten 2021 Category A03:2021 - Injection
Weaknesses in this category are related to the A03 category "Injection" in the OWASP Top Ten 2021.
32 weaknesses
CAT-1348 OWASP Top Ten 2021 Category A04:2021 - Insecure Design
Weaknesses in this category are related to the A04 "Insecure Design" category in the OWASP Top Ten 2021.
40 weaknesses
CAT-1349 OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration
Weaknesses in this category are related to the A05 category "Security Misconfiguration" in the OWASP Top Ten 2021.
20 weaknesses
CAT-1352 OWASP Top Ten 2021 Category A06:2021 - Vulnerable and Outdated Components
Weaknesses in this category are related to the A06 category "Vulnerable and Outdated Components" in the OWASP Top Ten 2021.
3 weaknesses
CAT-1353 OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures
Weaknesses in this category are related to the A07 category "Identification and Authentication Failures" in the OWASP Top Ten 2021.
22 weaknesses
CAT-1354 OWASP Top Ten 2021 Category A08:2021 - Software and Data Integrity Failures
Weaknesses in this category are related to the A08 category "Software and Data Integrity Failures" in the OWASP Top Ten 2021.
10 weaknesses
CAT-1355 OWASP Top Ten 2021 Category A09:2021 - Security Logging and Monitoring Failures
Weaknesses in this category are related to the A09 category "Security Logging and Monitoring Failures" in the OWASP Top Ten 2021.
4 weaknesses
CAT-1356 OWASP Top Ten 2021 Category A10:2021 - Server-Side Request Forgery (SSRF)
Weaknesses in this category are related to the A10 category "Server-Side Request Forgery (SSRF)" in the OWASP Top Ten 2021.
1 weakness
CAT-1203 Peripherals, On-chip Fabric, and Interface/IO Problems
Weaknesses in this category are related to hardware security problems that apply to peripheral devices, IO interfaces, on-chip…
6 weaknesses
CAT-275 Permission Issues
Weaknesses in this category are related to improper assignment or handling of permissions.
9 weaknesses
CAT-264 Permissions, Privileges, and Access Controls
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform…
0 weaknesses
CAT-1388 Physical Access Issues and Concerns
Weaknesses in this category are related to concerns of physical access.
10 weaknesses
CAT-465 Pointer Issues
Weaknesses in this category are related to improper handling of pointers.
10 weaknesses
CAT-1206 Power, Clock, Thermal, and Reset Concerns
Weaknesses in this category are related to system power, voltage, current, temperature, clocks, system state saving/restoring, and resets…
11 weaknesses
CAT-265 Privilege Issues
Weaknesses in this category occur with improper handling, assignment, or management of privileges. A privilege is a property of an agent,…
13 weaknesses
CAT-1198 Privilege Separation and Access Control Issues
Weaknesses in this category are related to features and mechanisms providing hardware-based isolation and access control (e.g., identity,…
20 weaknesses
CAT-1213 Random Number Issues
Weaknesses in this category are related to a software system's random number generation.
9 weaknesses
CAT-411 Resource Locking Problems
Weaknesses in this category are related to improper handling of locks that are used to control access to resources.
8 weaknesses
CAT-399 Resource Management Errors
Weaknesses in this category are related to improper management of system resources.
22 weaknesses
CAT-1196 Security Flow Issues
Weaknesses in this category are related to improper design of full-system security flows, including but not limited to secure boot, secure…
8 weaknesses
CAT-1205 Security Primitives and Cryptography Issues
Weaknesses in this category are related to hardware implementations of cryptographic protocols and other hardware-security primitives such…
7 weaknesses
CAT-1155 SEI CERT C Coding Standard - Guidelines 01. Preprocessor (PRE)
Weaknesses in this category are related to the rules and recommendations in the Preprocessor (PRE) section of the SEI CERT C Coding…
0 weaknesses
CAT-1156 SEI CERT C Coding Standard - Guidelines 02. Declarations and Initialization (DCL)
Weaknesses in this category are related to the rules and recommendations in the Declarations and Initialization (DCL) section of the SEI…
1 weakness
CAT-1157 SEI CERT C Coding Standard - Guidelines 03. Expressions (EXP)
Weaknesses in this category are related to the rules and recommendations in the Expressions (EXP) section of the SEI CERT C Coding Standard.
13 weaknesses
CAT-1158 SEI CERT C Coding Standard - Guidelines 04. Integers (INT)
Weaknesses in this category are related to the rules and recommendations in the Integers (INT) section of the SEI CERT C Coding Standard.
14 weaknesses
CAT-1159 SEI CERT C Coding Standard - Guidelines 05. Floating Point (FLP)
Weaknesses in this category are related to the rules and recommendations in the Floating Point (FLP) section of the SEI CERT C Coding…
4 weaknesses
CAT-1160 SEI CERT C Coding Standard - Guidelines 06. Arrays (ARR)
Weaknesses in this category are related to the rules and recommendations in the Arrays (ARR) section of the SEI CERT C Coding Standard.
10 weaknesses
CAT-1161 SEI CERT C Coding Standard - Guidelines 07. Characters and Strings (STR)
Weaknesses in this category are related to the rules and recommendations in the Characters and Strings (STR) section of the SEI CERT C…
9 weaknesses
CAT-1162 SEI CERT C Coding Standard - Guidelines 08. Memory Management (MEM)
Weaknesses in this category are related to the rules and recommendations in the Memory Management (MEM) section of the SEI CERT C Coding…
16 weaknesses
CAT-1163 SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO)
Weaknesses in this category are related to the rules and recommendations in the Input Output (FIO) section of the SEI CERT C Coding…
18 weaknesses
CAT-1165 SEI CERT C Coding Standard - Guidelines 10. Environment (ENV)
Weaknesses in this category are related to the rules and recommendations in the Environment (ENV) section of the SEI CERT C Coding Standard.
4 weaknesses
CAT-1166 SEI CERT C Coding Standard - Guidelines 11. Signals (SIG)
Weaknesses in this category are related to the rules and recommendations in the Signals (SIG) section of the SEI CERT C Coding Standard.
2 weaknesses
CAT-1167 SEI CERT C Coding Standard - Guidelines 12. Error Handling (ERR)
Weaknesses in this category are related to the rules and recommendations in the Error Handling (ERR) section of the SEI CERT C Coding…
6 weaknesses
CAT-1168 SEI CERT C Coding Standard - Guidelines 13. Application Programming Interfaces (API)
Weaknesses in this category are related to the rules and recommendations in the Application Programming Interfaces (API) section of the…
0 weaknesses
CAT-1169 SEI CERT C Coding Standard - Guidelines 14. Concurrency (CON)
Weaknesses in this category are related to the rules and recommendations in the Concurrency (CON) section of the SEI CERT C Coding Standard.
5 weaknesses
CAT-1170 SEI CERT C Coding Standard - Guidelines 48. Miscellaneous (MSC)
Weaknesses in this category are related to the rules and recommendations in the Miscellaneous (MSC) section of the SEI CERT C Coding…
6 weaknesses
CAT-1171 SEI CERT C Coding Standard - Guidelines 50. POSIX (POS)
Weaknesses in this category are related to the rules and recommendations in the POSIX (POS) section of the SEI CERT C Coding Standard.
9 weaknesses
CAT-1172 SEI CERT C Coding Standard - Guidelines 51. Microsoft Windows (WIN)
Weaknesses in this category are related to the rules and recommendations in the Microsoft Windows (WIN) section of the SEI CERT C Coding…
2 weaknesses
CAT-1134 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 00. Input Validation and Data Sanitization (IDS)
Weaknesses in this category are related to the rules and recommendations in the Input Validation and Data Sanitization (IDS) section of…
10 weaknesses
CAT-1135 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 01. Declarations and Initialization (DCL)
Weaknesses in this category are related to the rules and recommendations in the Declarations and Initialization (DCL) section of the SEI…
1 weakness
CAT-1136 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 02. Expressions (EXP)
Weaknesses in this category are related to the rules and recommendations in the Expressions (EXP) section of the SEI CERT Oracle Secure…
4 weaknesses
CAT-1137 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 03. Numeric Types and Operations (NUM)
Weaknesses in this category are related to the rules and recommendations in the Numeric Types and Operations (NUM) section of the SEI CERT…
6 weaknesses
CAT-1138 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 04. Characters and Strings (STR)
Weaknesses in this category are related to the rules and recommendations in the Characters and Strings (STR) section of the SEI CERT…
1 weakness
CAT-1139 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 05. Object Orientation (OBJ)
Weaknesses in this category are related to the rules and recommendations in the Object Orientation (OBJ) section of the SEI CERT Oracle…
8 weaknesses
CAT-1140 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 06. Methods (MET)
Weaknesses in this category are related to the rules and recommendations in the Methods (MET) section of the SEI CERT Oracle Secure Coding…
8 weaknesses
CAT-1141 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 07. Exceptional Behavior (ERR)
Weaknesses in this category are related to the rules and recommendations in the Exceptional Behavior (ERR) section of the SEI CERT Oracle…
9 weaknesses
CAT-1142 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 08. Visibility and Atomicity (VNA)
Weaknesses in this category are related to the rules and recommendations in the Visibility and Atomicity (VNA) section of the SEI CERT…
6 weaknesses
CAT-1143 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 09. Locking (LCK)
Weaknesses in this category are related to the rules and recommendations in the Locking (LCK) section of the SEI CERT Oracle Secure Coding…
4 weaknesses
CAT-1144 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 10. Thread APIs (THI)
Weaknesses in this category are related to the rules and recommendations in the Thread APIs (THI) section of the SEI CERT Oracle Secure…
1 weakness
CAT-1145 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 11. Thread Pools (TPS)
Weaknesses in this category are related to the rules and recommendations in the Thread Pools (TPS) section of the SEI CERT Oracle Secure…
3 weaknesses
CAT-1146 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 12. Thread-Safety Miscellaneous (TSM)
Weaknesses in this category are related to the rules and recommendations in the Thread-Safety Miscellaneous (TSM) section of the SEI CERT…
0 weaknesses
CAT-1147 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 13. Input Output (FIO)
Weaknesses in this category are related to the rules and recommendations in the Input Output (FIO) section of the SEI CERT Oracle Secure…
15 weaknesses
CAT-1148 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 14. Serialization (SER)
Weaknesses in this category are related to the rules and recommendations in the Serialization (SER) section of the SEI CERT Oracle Secure…
5 weaknesses
CAT-1149 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 15. Platform Security (SEC)
Weaknesses in this category are related to the rules and recommendations in the Platform Security (SEC) section of the SEI CERT Oracle…
3 weaknesses
CAT-1150 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 16. Runtime Environment (ENV)
Weaknesses in this category are related to the rules and recommendations in the Runtime Environment (ENV) section of the SEI CERT Oracle…
2 weaknesses
CAT-1151 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 17. Java Native Interface (JNI)
Weaknesses in this category are related to the rules and recommendations in the Java Native Interface (JNI) section of the SEI CERT Oracle…
1 weakness
CAT-1175 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 18. Concurrency (CON)
Weaknesses in this category are related to the rules and recommendations in the Concurrency (CON) section of the SEI CERT Oracle Secure…
0 weaknesses
CAT-1152 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 49. Miscellaneous (MSC)
Weaknesses in this category are related to the rules and recommendations in the Miscellaneous (MSC) section of the SEI CERT Oracle Secure…
11 weaknesses
CAT-1153 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 50. Android (DRD)
Weaknesses in this category are related to the rules and recommendations in the Android (DRD) section of the SEI CERT Oracle Secure Coding…
0 weaknesses
CAT-1179 SEI CERT Perl Coding Standard - Guidelines 01. Input Validation and Data Sanitization (IDS)
Weaknesses in this category are related to the rules and recommendations in the Input Validation and Data Sanitization (IDS) section of…
7 weaknesses
CAT-1180 SEI CERT Perl Coding Standard - Guidelines 02. Declarations and Initialization (DCL)
Weaknesses in this category are related to the rules and recommendations in the Declarations and Initialization (DCL) section of the SEI…
4 weaknesses
CAT-1181 SEI CERT Perl Coding Standard - Guidelines 03. Expressions (EXP)
Weaknesses in this category are related to the rules and recommendations in the Expressions (EXP) section of the SEI CERT Perl Coding…
13 weaknesses
CAT-1182 SEI CERT Perl Coding Standard - Guidelines 04. Integers (INT)
Weaknesses in this category are related to the rules and recommendations in the Integers (INT) section of the SEI CERT Perl Coding Standard.
1 weakness
CAT-1183 SEI CERT Perl Coding Standard - Guidelines 05. Strings (STR)
Weaknesses in this category are related to the rules and recommendations in the Strings (STR) section of the SEI CERT Perl Coding Standard.
0 weaknesses
CAT-1184 SEI CERT Perl Coding Standard - Guidelines 06. Object-Oriented Programming (OOP)
Weaknesses in this category are related to the rules and recommendations in the Object-Oriented Programming (OOP) section of the SEI CERT…
1 weakness
CAT-1185 SEI CERT Perl Coding Standard - Guidelines 07. File Input and Output (FIO)
Weaknesses in this category are related to the rules and recommendations in the File Input and Output (FIO) section of the SEI CERT Perl…
1 weakness
CAT-1186 SEI CERT Perl Coding Standard - Guidelines 50. Miscellaneous (MSC)
Weaknesses in this category are related to the rules and recommendations in the Miscellaneous (MSC) section of the SEI CERT Perl Coding…
2 weaknesses
CAT-899 SFP Primary Cluster: Access Control
This category identifies Software Fault Patterns (SFPs) within the Access Control cluster (SFP35).
3 weaknesses
CAT-887 SFP Primary Cluster: API
This category identifies Software Fault Patterns (SFPs) within the API cluster (SFP3).
1 weakness
CAT-898 SFP Primary Cluster: Authentication
This category identifies Software Fault Patterns (SFPs) within the Authentication cluster (SFP29, SFP30, SFP31, SFP32, SFP33, SFP34).
9 weaknesses
CAT-902 SFP Primary Cluster: Channel
This category identifies Software Fault Patterns (SFPs) within the Channel cluster.
2 weaknesses
CAT-903 SFP Primary Cluster: Cryptography
This category identifies Software Fault Patterns (SFPs) within the Cryptography cluster.
2 weaknesses
CAT-897 SFP Primary Cluster: Entry Points
This category identifies Software Fault Patterns (SFPs) within the Entry Points cluster (SFP28).
1 weakness
CAT-889 SFP Primary Cluster: Exception Management
This category identifies Software Fault Patterns (SFPs) within the Exception Management cluster (SFP4, SFP5, SFP6).
3 weaknesses
CAT-1238 SFP Primary Cluster: Failure to Release Memory
This category identifies Software Fault Patterns (SFPs) within the Failure to Release Memory cluster (SFP38).
1 weakness
CAT-1237 SFP Primary Cluster: Faulty Resource Release
This category identifies Software Fault Patterns (SFPs) within the Faulty Resource Release cluster (SFP37).
3 weaknesses
CAT-895 SFP Primary Cluster: Information Leak
This category identifies Software Fault Patterns (SFPs) within the Information Leak cluster (SFP23).
5 weaknesses
CAT-904 SFP Primary Cluster: Malware
This category identifies Software Fault Patterns (SFPs) within the Malware cluster.
9 weaknesses
CAT-890 SFP Primary Cluster: Memory Access
This category identifies Software Fault Patterns (SFPs) within the Memory Access cluster (SFP7, SFP8).
5 weaknesses
CAT-891 SFP Primary Cluster: Memory Management
This category identifies Software Fault Patterns (SFPs) within the Memory Management cluster (SFP38).
1 weakness
CAT-907 SFP Primary Cluster: Other
This category identifies Software Fault Patterns (SFPs) within the Other cluster.
4 weaknesses
CAT-893 SFP Primary Cluster: Path Resolution
This category identifies Software Fault Patterns (SFPs) within the Path Resolution cluster (SFP16, SFP17, SFP18).
3 weaknesses
CAT-905 SFP Primary Cluster: Predictability
This category identifies Software Fault Patterns (SFPs) within the Predictability cluster.
15 weaknesses
CAT-901 SFP Primary Cluster: Privilege
This category identifies Software Fault Patterns (SFPs) within the Privilege cluster (SFP36).
12 weaknesses
CAT-892 SFP Primary Cluster: Resource Management
This category identifies Software Fault Patterns (SFPs) within the Resource Management cluster (SFP37).
4 weaknesses
CAT-885 SFP Primary Cluster: Risky Values
This category identifies Software Fault Patterns (SFPs) within the Risky Values cluster (SFP1).
1 weakness
CAT-894 SFP Primary Cluster: Synchronization
This category identifies Software Fault Patterns (SFPs) within the Synchronization cluster (SFP19, SFP20, SFP21, SFP22).
4 weaknesses
CAT-896 SFP Primary Cluster: Tainted Input
This category identifies Software Fault Patterns (SFPs) within the Tainted Input cluster (SFP24, SFP25, SFP26, SFP27).
5 weaknesses
CAT-906 SFP Primary Cluster: UI
This category identifies Software Fault Patterns (SFPs) within the UI cluster.
3 weaknesses
CAT-886 SFP Primary Cluster: Unused entities
This category identifies Software Fault Patterns (SFPs) within the Unused entities cluster (SFP2).
3 weaknesses
CAT-944 SFP Secondary Cluster: Access Management
This category identifies Software Fault Patterns (SFPs) within the Access Management cluster.
5 weaknesses
CAT-960 SFP Secondary Cluster: Ambiguous Exception Type
This category identifies Software Fault Patterns (SFPs) within the Ambiguous Exception Type cluster (SFP5).
2 weaknesses
CAT-975 SFP Secondary Cluster: Architecture
This category identifies Software Fault Patterns (SFPs) within the Architecture cluster.
11 weaknesses
CAT-947 SFP Secondary Cluster: Authentication Bypass
This category identifies Software Fault Patterns (SFPs) within the Authentication Bypass cluster.
9 weaknesses
CAT-958 SFP Secondary Cluster: Broken Cryptography
This category identifies Software Fault Patterns (SFPs) within the Broken Cryptography cluster.
5 weaknesses
CAT-956 SFP Secondary Cluster: Channel Attack
This category identifies Software Fault Patterns (SFPs) within the Channel Attack cluster.
8 weaknesses
CAT-976 SFP Secondary Cluster: Compiler
This category identifies Software Fault Patterns (SFPs) within the Compiler cluster.
1 weakness
CAT-968 SFP Secondary Cluster: Covert Channel
This category identifies Software Fault Patterns (SFPs) within the Covert Channel cluster.
3 weaknesses
CAT-977 SFP Secondary Cluster: Design
This category identifies Software Fault Patterns (SFPs) within the Design cluster.
27 weaknesses
CAT-948 SFP Secondary Cluster: Digital Certificate
This category identifies Software Fault Patterns (SFPs) within the Digital Certificate cluster.
6 weaknesses
CAT-963 SFP Secondary Cluster: Exposed Data
This category identifies Software Fault Patterns (SFPs) within the Exposed Data cluster (SFP23).
73 weaknesses
CAT-964 SFP Secondary Cluster: Exposure Temporary File
This category identifies Software Fault Patterns (SFPs) within the Exposure Temporary File cluster.
3 weaknesses
CAT-979 SFP Secondary Cluster: Failed Chroot Jail
This category identifies Software Fault Patterns (SFPs) within the Failed Chroot Jail cluster (SFP17).
1 weakness
CAT-982 SFP Secondary Cluster: Failure to Release Resource
This category identifies Software Fault Patterns (SFPs) within the Failure to Release Resource cluster (SFP14).
6 weaknesses
CAT-970 SFP Secondary Cluster: Faulty Buffer Access
This category identifies Software Fault Patterns (SFPs) within the Faulty Buffer Access cluster (SFP8).
11 weaknesses
CAT-949 SFP Secondary Cluster: Faulty Endpoint Authentication
This category identifies Software Fault Patterns (SFPs) within the Faulty Endpoint Authentication cluster (SFP29).
9 weaknesses
CAT-992 SFP Secondary Cluster: Faulty Input Transformation
This category identifies Software Fault Patterns (SFPs) within the Faulty Input Transformation cluster.
15 weaknesses
CAT-969 SFP Secondary Cluster: Faulty Memory Release
This category identifies Software Fault Patterns (SFPs) within the Faulty Memory Release cluster (SFP12).
4 weaknesses
CAT-971 SFP Secondary Cluster: Faulty Pointer Use
This category identifies Software Fault Patterns (SFPs) within the Faulty Pointer Use cluster (SFP7).
3 weaknesses
CAT-983 SFP Secondary Cluster: Faulty Resource Use
This category identifies Software Fault Patterns (SFPs) within the Faulty Resource Use cluster (SFP15).
2 weaknesses
CAT-972 SFP Secondary Cluster: Faulty String Expansion
This category identifies Software Fault Patterns (SFPs) within the Faulty String Expansion cluster (SFP9).
1 weakness
CAT-995 SFP Secondary Cluster: Feature
This category identifies Software Fault Patterns (SFPs) within the Feature cluster.
7 weaknesses
CAT-998 SFP Secondary Cluster: Glitch in Computation
This category identifies Software Fault Patterns (SFPs) within the Glitch in Computation cluster (SFP1).
31 weaknesses
CAT-950 SFP Secondary Cluster: Hardcoded Sensitive Data
This category identifies Software Fault Patterns (SFPs) within the Hardcoded Sensitive Data cluster (SFP33).
4 weaknesses
CAT-978 SFP Secondary Cluster: Implementation
This category identifies Software Fault Patterns (SFPs) within the Implementation cluster.
4 weaknesses
CAT-973 SFP Secondary Cluster: Improper NULL Termination
This category identifies Software Fault Patterns (SFPs) within the Improper NULL Termination cluster (SFP11).
1 weakness
CAT-974 SFP Secondary Cluster: Incorrect Buffer Length Computation
This category identifies Software Fault Patterns (SFPs) within the Incorrect Buffer Length Computation cluster (SFP10).
4 weaknesses
CAT-961 SFP Secondary Cluster: Incorrect Exception Behavior
This category identifies Software Fault Patterns (SFPs) within the Incorrect Exception Behavior cluster (SFP6).
8 weaknesses
CAT-993 SFP Secondary Cluster: Incorrect Input Handling
This category identifies Software Fault Patterns (SFPs) within the Incorrect Input Handling cluster.
17 weaknesses
CAT-997 SFP Secondary Cluster: Information Loss
This category identifies Software Fault Patterns (SFPs) within the Information Loss cluster.
4 weaknesses
CAT-951 SFP Secondary Cluster: Insecure Authentication Policy
This category identifies Software Fault Patterns (SFPs) within the Insecure Authentication Policy cluster.
6 weaknesses
CAT-945 SFP Secondary Cluster: Insecure Resource Access
This category identifies Software Fault Patterns (SFPs) within the Insecure Resource Access cluster (SFP35).
4 weaknesses
CAT-946 SFP Secondary Cluster: Insecure Resource Permissions
This category identifies Software Fault Patterns (SFPs) within the Insecure Resource Permissions cluster.
7 weaknesses
CAT-965 SFP Secondary Cluster: Insecure Session Management
This category identifies Software Fault Patterns (SFPs) within the Insecure Session Management cluster.
3 weaknesses
CAT-984 SFP Secondary Cluster: Life Cycle
This category identifies Software Fault Patterns (SFPs) within the Life Cycle cluster.
4 weaknesses
CAT-980 SFP Secondary Cluster: Link in Resource Name Resolution
This category identifies Software Fault Patterns (SFPs) within the Link in Resource Name Resolution cluster (SFP18).
6 weaknesses
CAT-952 SFP Secondary Cluster: Missing Authentication
This category identifies Software Fault Patterns (SFPs) within the Missing Authentication cluster.
2 weaknesses
CAT-953 SFP Secondary Cluster: Missing Endpoint Authentication
This category identifies Software Fault Patterns (SFPs) within the Missing Endpoint Authentication cluster (SFP30).
2 weaknesses
CAT-986 SFP Secondary Cluster: Missing Lock
This category identifies Software Fault Patterns (SFPs) within the Missing Lock cluster (SFP19).
11 weaknesses
CAT-954 SFP Secondary Cluster: Multiple Binds to the Same Port
This category identifies Software Fault Patterns (SFPs) within the Multiple Binds to the Same Port cluster (SFP32).
1 weakness
CAT-987 SFP Secondary Cluster: Multiple Locks/Unlocks
This category identifies Software Fault Patterns (SFPs) within the Multiple Locks/Unlocks cluster (SFP21).
3 weaknesses
CAT-966 SFP Secondary Cluster: Other Exposures
This category identifies Software Fault Patterns (SFPs) within the Other Exposures cluster.
6 weaknesses
CAT-981 SFP Secondary Cluster: Path Traversal
This category identifies Software Fault Patterns (SFPs) within the Path Traversal cluster (SFP16).
43 weaknesses
CAT-957 SFP Secondary Cluster: Protocol Error
This category identifies Software Fault Patterns (SFPs) within the Protocol Error cluster.
5 weaknesses
CAT-988 SFP Secondary Cluster: Race Condition Window
This category identifies Software Fault Patterns (SFPs) within the Race Condition Window cluster (SFP20).
5 weaknesses
CAT-996 SFP Secondary Cluster: Security
This category identifies Software Fault Patterns (SFPs) within the Security cluster.
3 weaknesses
CAT-967 SFP Secondary Cluster: State Disclosure
This category identifies Software Fault Patterns (SFPs) within the State Disclosure cluster.
7 weaknesses
CAT-990 SFP Secondary Cluster: Tainted Input to Command
This category identifies Software Fault Patterns (SFPs) within the Tainted Input to Command cluster (SFP24).
86 weaknesses
CAT-991 SFP Secondary Cluster: Tainted Input to Environment
This category identifies Software Fault Patterns (SFPs) within the Tainted Input to Environment cluster (SFP27).
10 weaknesses
CAT-994 SFP Secondary Cluster: Tainted Input to Variable
This category identifies Software Fault Patterns (SFPs) within the Tainted Input to Variable cluster (SFP25).
8 weaknesses
CAT-962 SFP Secondary Cluster: Unchecked Status Condition
This category identifies Software Fault Patterns (SFPs) within the Unchecked Status Condition cluster (SFP4).
17 weaknesses
CAT-1002 SFP Secondary Cluster: Unexpected Entry Points
This category identifies Software Fault Patterns (SFPs) within the Unexpected Entry Points cluster.
11 weaknesses
CAT-955 SFP Secondary Cluster: Unrestricted Authentication
This category identifies Software Fault Patterns (SFPs) within the Unrestricted Authentication cluster (SFP34).
1 weakness
CAT-985 SFP Secondary Cluster: Unrestricted Consumption
This category identifies Software Fault Patterns (SFPs) within the Unrestricted Consumption cluster (SFP13).
4 weaknesses CAT-989SFP Secondary Cluster: Unrestricted Lock
This category identifies Software Fault Patterns (SFPs) within the Unrestricted Lock cluster (SFP22).
1 weaknesses CAT-1001SFP Secondary Cluster: Use of an Improper API
This category identifies Software Fault Patterns (SFPs) within the Use of an Improper API cluster (SFP3).
28 weaknesses CAT-959SFP Secondary Cluster: Weak Cryptography
This category identifies Software Fault Patterns (SFPs) within the Weak Cryptography cluster.
8 weaknesses
CAT-387 Signal Errors
Weaknesses in this category are related to the improper handling of signals.
1 weakness
CAT-371 State Issues
Weaknesses in this category are related to improper management of system state.
5 weaknesses
CAT-133 String Errors
Weaknesses in this category are related to the creation and modification of strings.
3 weaknesses
CAT-853 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 10 - Locking (LCK)
Weaknesses in this category are related to rules in the Locking (LCK) chapter of The CERT Oracle Secure Coding Standard for Java (2011).
6 weaknesses
CAT-854 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 11 - Thread APIs (THI)
Weaknesses in this category are related to rules in the Thread APIs (THI) chapter of The CERT Oracle Secure Coding Standard for Java (2011).
2 weaknesses
CAT-855 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 12 - Thread Pools (TPS)
Weaknesses in this category are related to rules in the Thread Pools (TPS) chapter of The CERT Oracle Secure Coding Standard for Java…
3 weaknesses
CAT-856 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 13 - Thread-Safety Miscellaneous (TSM)
Weaknesses in this category are related to rules in the Thread-Safety Miscellaneous (TSM) chapter of The CERT Oracle Secure Coding…
0 weaknesses
CAT-857 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 14 - Input Output (FIO)
Weaknesses in this category are related to rules in the Input Output (FIO) chapter of The CERT Oracle Secure Coding Standard for Java…
13 weaknesses
CAT-858 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 15 - Serialization (SER)
Weaknesses in this category are related to rules in the Serialization (SER) chapter of The CERT Oracle Secure Coding Standard for Java…
7 weaknesses
CAT-859 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 16 - Platform Security (SEC)
Weaknesses in this category are related to rules in the Platform Security (SEC) chapter of The CERT Oracle Secure Coding Standard for Java…
11 weaknesses
CAT-860 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 17 - Runtime Environment (ENV)
Weaknesses in this category are related to rules in the Runtime Environment (ENV) chapter of The CERT Oracle Secure Coding Standard for…
2 weaknesses
CAT-861 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 18 - Miscellaneous (MSC)
Weaknesses in this category are related to rules in the Miscellaneous (MSC) chapter of The CERT Oracle Secure Coding Standard for Java…
12 weaknesses
CAT-845 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 2 - Input Validation and Data Sanitization (IDS)
Weaknesses in this category are related to rules in the Input Validation and Data Sanitization (IDS) chapter of The CERT Oracle Secure…
12 weaknesses
CAT-846 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 3 - Declarations and Initialization (DCL)
Weaknesses in this category are related to rules in the Declarations and Initialization (DCL) chapter of The CERT Oracle Secure Coding…
1 weakness
CAT-847 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 4 - Expressions (EXP)
Weaknesses in this category are related to rules in the Expressions (EXP) chapter of The CERT Oracle Secure Coding Standard for Java (2011).
4 weaknesses
CAT-848 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 5 - Numeric Types and Operations (NUM)
Weaknesses in this category are related to rules in the Numeric Types and Operations (NUM) chapter of The CERT Oracle Secure Coding…
3 weaknesses
CAT-849 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 6 - Object Orientation (OBJ)
Weaknesses in this category are related to rules in the Object Orientation (OBJ) chapter of The CERT Oracle Secure Coding Standard for…
10 weaknesses
CAT-850 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 7 - Methods (MET)
Weaknesses in this category are related to rules in the Methods (MET) chapter of The CERT Oracle Secure Coding Standard for Java (2011).
8 weaknesses
CAT-851 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 8 - Exceptional Behavior (ERR)
Weaknesses in this category are related to rules in the Exceptional Behavior (ERR) chapter of The CERT Oracle Secure Coding Standard for…
15 weaknesses
CAT-852 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 9 - Visibility and Atomicity (VNA)
Weaknesses in this category are related to rules in the Visibility and Atomicity (VNA) chapter of The CERT Oracle Secure Coding Standard…
6 weaknesses
CAT-136 Type Errors
Weaknesses in this category are caused by improper data type transformation or improper handling of multiple data types.
3 weaknesses
CAT-355 User Interface Security Issues
Weaknesses in this category are related to or introduced in the User Interface (UI).
8 weaknesses
CAT-1217 User Session Errors
Weaknesses in this category are related to session management. Frequently these deal with the information or status about each user and…
3 weaknesses
CAT-1019 Validate Inputs
Weaknesses in this category are related to the design and architecture of a system's input validation components. Frequently these deal…
39 weaknesses
CAT-1020 Verify Message Integrity
Weaknesses in this category are related to the design and architecture of a system's data integrity components. Frequently these deal with…
10 weaknesses