OWASP Top 10 (2013) security risks mapped to Klocwork Java checkers

ID    Checker name

A1    Injection
      ANDROID.LIFECYCLE.SV.GETEXTRA
      SV.DATA.BOUND
      SV.DATA.DB
      SV.EXEC
      SV.PATH.INJ
      SV.SQL
      SV.SQL.DBSOURCE

A2    Broken Authentication and Session Management
      SV.EXEC.DIR
      SV.EXEC.ENV
      SV.LDAP
      SV.TMPFILE

A3    Cross-Site Scripting (XSS)
      SV.XSS.DB
      SV.XSS.REF

A4    Insecure Direct Object References
      SV.PATH

A5    Security Misconfiguration
      ECC.EMPTY
      EXC.BROADTHROWS
      JD.CATCH
      JD.FINRET
      JD.UNCAUGHT
      SV.IL.DEV
      SV.IL.FILE
      UMC.SYSERR
      UMC.SYSOUT

A6    Sensitive Data Exposure
      SV.PASSWD.HC
      SV.PASSWD.HC.EMPTY
      SV.PASSWD.PLAIN
      SV.RANDOM
      SV.SENSITIVE.DATA
      SV.SENSITIVE.OBJ

A8    Cross-Site Request Forgery (CSRF)
      SV.CSRF.GET
      SV.CSRF.ORIGIN
      SV.CSRF.TOKEN

A10   Unvalidated Redirects and Forwards
      SV.EMAIL
      SV.HTTP_SPLIT
      SV.LOG_FORGING
      SV.TAINT
      SV.TAINT_NATIVE
      SV.XPATH

Support summary:

  • 8 rules (the eight OWASP 2013 categories listed above; A7 Missing Function Level Access Control and A9 Using Components with Known Vulnerabilities have no mapped Java checker in this table)