Vulnerability Categories

The vulnerabilities found in the OWASP Juice Shop are grouped into a number of categories. Most of these correspond to risk or weakness types from well-known lists or documents: the OWASP Top 10, the OWASP Application Security Verification Standard (ASVS), the OWASP Automated Threat Handbook, the OWASP API Security Top 10, the OWASP Top 10 Privacy Risks, the OWASP Testing Guide, MITRE's Common Weakness Enumeration (CWE) and the WASC Threat Classification. The following table maps each Juice Shop category to the corresponding OWASP, CWE and WASC threats, risks and attacks, without claiming to be complete.

The identifiers in the OWASP column use the numbering of the respective document: `A<n>:<year>` is an entry of that year's OWASP Top 10, `API<n>:2019` an entry of the OWASP API Security Top 10 2019, `OAT-<nnn>` an automated threat from the OWASP Automated Threat Handbook, `P<n>:2021` an entry of the OWASP Top 10 Privacy Risks 2021, `ASVS V<n>` a chapter of the ASVS, and `OTG-*`/`OWASP-AT-*` are test case identifiers from the OWASP Testing Guide (v4 and v3 respectively). Because the OWASP Top 10 was reorganised between editions, several categories list entries from more than one edition: for example, A3:2017 Sensitive Data Exposure was succeeded by A2:2021 Cryptographic Failures, and A4:2017 XML External Entities was folded into A5:2021 Security Misconfiguration. The mapping is therefore many-to-many; a single Top 10 entry can appear under several Juice Shop categories.

[Figure: category breakdown]

| Category                    | OWASP                                                            | CWE                                | WASC                      |
|:----------------------------|:-----------------------------------------------------------------|:-----------------------------------|:--------------------------|
| Broken Access Control       | A1:2021, API1:2019, API5:2019                                    | CWE-22, CWE-285, CWE-639, CWE-918  | WASC-02, WASC-09, WASC-16 |
| Broken Anti-Automation      | OWASP-AT-004, API4:2019, OWASP-AT-010, OAT-009, OAT-015, OAT-008 | CWE-362                            | WASC-11, WASC-21          |
| Broken Authentication       | A7:2021, API2:2019, P6:2021                                      | CWE-287, CWE-352                   | WASC-01, WASC-49          |
| Cross Site Scripting (XSS)  | A3:2021, A7:2017                                                 | CWE-79                             | WASC-08                   |
| Cryptographic Issues        | A2:2021                                                          | CWE-326, CWE-327, CWE-328, CWE-950 | -                         |
| Improper Input Validation   | ASVS V5, API6:2019                                               | CWE-20                             | WASC-20                   |
| Injection                   | A3:2021, API8:2019, P1:2021                                      | CWE-74, CWE-89                     | WASC-19, WASC-28, WASC-31 |
| Insecure Deserialization    | A8:2021, A8:2017                                                 | CWE-502                            | -                         |
| Miscellaneous               | P5:2021                                                          | -                                  | -                         |
| Security Misconfiguration   | A5:2021, A9:2021, API7:2019, API9:2019, API10:2019               | CWE-209                            | WASC-14, WASC-15          |
| Security through Obscurity  | A4:2021, P5:2021                                                 | CWE-656                            | -                         |
| Sensitive Data Exposure     | A3:2017, API3:2019, OTG-CONFIG-004, P2:2021                      | CWE-200, CWE-530, CWE-548          | WASC-13                   |
| Unvalidated Redirects       | A10:2013                                                         | CWE-601                            | WASC-38                   |
| Vulnerable Components       | A6:2021                                                          | CWE-829, CWE-506, CWE-1104         | -                         |
| XML External Entities (XXE) | A5:2021, A4:2017                                                 | CWE-611                            | WASC-43                   |

