CWEVIEWSCWEVIEWSCWEUSAGESCENARIOS|STAKEHOLDERANALYSIS|VIEWSUSERISSUES/QUESTIONSISTHISTHERIGHTVIEW?WHATARETHEOTHERS?ISTHENAVIGATION/STRUCTURENATURAL?DOESITALLOWMETOEASILYFINDWHATI'MLOOKINGFOR?TYPESOFVIEWSLISTS:SIMPLELISTSOFCWENODESFORASPECIALIZEDPURPOSE.ORGANIZATIONSCHEMES:HIERARCHICALOROTHERORGANIZATIONALSCHEMESTHATAREFORASPECIFICPURPOSE.VIEWSV1PROGRAMMINGLANGUAGE-SPECIFICWHENPROGRAMMINGORANALYZINGSPECIFICLANGUAGES(C,PERL,JAVA,ETC.),THESEARETHEISSUESOFWHICHYOUSHOULDBEAWARE.ALSO,RUNTIMEVS.COMPILED,ANDOTHERLANGUAGE-RELATEDCHARACTERISTICS.V2PLATFORM-SPECIFICWHENAPROGRAMISRUNONAPLATFORM(WINDOWS,UNIX,ETC.)ORINCERTAINENVIRONMENTS(32/64BIT,MULTI-PROCESSOR),THEREARECERTAINISSUESTHATSHOULDBECHECKEDFORINADDITIONTOTHEACTUALLANGUAGEUSED.E.G.,BACKSLASHESINPATHS,TRAILINGFILENAMEDOTS,CONCURRENCYV3TECHNOLOGY-SPECIFICISTHEWEAKNESSGENERIC,ORISITPRIMARILYASSOCIATEDWITH,ORDEPENDENTONACERTAINTECHNOLOGYCLASS:WEB,OS,DATABASE?V4COMMONWEAKNESSCHAINSWHENVIEWINGAWEAKNESS,ITISUSEFULTOKNOWRELATEDISSUES.THEPROPERFIXMAYNOTLIEINTHESAMEPLACEWHERETHERESULTISSEEN,SOFINDINGWEAKNESSTHEYCOMMONLYLEADTOORRESULTFROMAWEAKNESSISUSEFULTOSUPPORTPATCHINGANDVISUALIZEMOREABSTRACTWEAKNESSRELATIONSHIPS.V5TAXONOMY/CLASSIFICATIONFROMAMOREFORMALTAXONOMICPERSPECTIVE,THEMOSTAPPROPRIATEABSTRACTIONLEVELSFORVARIOUSWEAKNESSESMAYBEIMPORTANT.V6COMMONALITYHOWEASYISITFORSOMEONETOMAKETHISMISTAKE?HOWOFTENISTHISWEAKNESSSEEN?V7RISK/SEVERITY-BASEDCORRELATIONBYCWETOENSURETHATALL"HIGH"RISKWEAKNESSESHAVEBEENADDRESSED.V8FEATURE-SPECIFICFORACWE,ISITASSOCIATEDWITHOTHERPROGRAMMINGORSECURITYCONCEPTS?DOESITUSUALLYINVOLVEORREQUIREFEATURESSUCHASAUTHENTICATION,AUTHORIZATION,PERMISSIONS,FILEACCESS,ORTHREADING?V9RESOURCE-SPECIFICISTHEWEAKNESSASSOCIATEDWITHASPECIFICSYSTEMRESOURCESUCHASMEMORY,FILES,ORNETWORKSOCKETS?V10ATTACK-BASEDTYPICALLY,EXTERNALRESEARCHERSORAUDITORSMIGHTPERFORMTESTINGONTHERUNNINGCODE.ITTHISCASE,THEIRRESULTSWILLMOSTLIKELYBEDESCRIBEDASATTACKSORVULNERABILITIES.IFTHATISTHECASE,AVIEWSUPPORTINGTHECWESGROUPEDBYTHECAUSALVULNERABILITYAND/ORTRIGGERATTACKMAYBEUSEFUL.V11GENESISABREAKDOWNOFISSUESBASEDONWHICHSOFTWAREDEVELOPMENTPHASETHEYTYPICALLYOCCURIN,E.G.DESIGNORIMPLEMENTATION.XSCWECROSS-SECTIONASMALLSETOFDIVERSECWENODESTHATILLUSTRATESTHEBREADTHANDDEPTHOFCWE.SAMATESAMATESLICETHEPRIORITIZEDCWENODESTHATAREBEINGFOCUSEDONBYSAMATE.NVDNVDSLICETHESETOFCWENODESTHATNVDWILLUSETOCLASSIFYTHEIRENTRIES.SANSSANSSECUREPROGRAMMINGINFORMATIONTHESETOFCWENODESTHATSANS'SECUREPROGRAMMINGINITIATIVEISEMPHASIZINGFORDEVELOPERAWARENESS.OWASPOWASPTOPTENTHECWENODESASSOCIATEDWITHTHEOWASPTOPTEN.BACKTOTOPDOCUMENTVERSION:0.1DATE:SEPTEMBER12,2007THISISADRAFTDOCUMENT.ITISINTENDEDTOSUPPORTMAINTENANCEOFCWE,ANDTOEDUCATEANDSOLICITFEEDBACKFROMASPECIFICTECHNICALAUDIENCE.THISDOCUMENTDOESNOTREFLECTANYOFFICIALPOSITIONOFTHEMITRECORPORATIONORITSSPONSORS.COPYRIGHT©2007,THEMITRECORPORATION.ALLRIGHTSRESERVED.PERMISSIONISGRANTEDTOREDISTRIBUTETHISDOCUMENTIFTHISPARAGRAPHISNOTREMOVED.THISDOCUMENTISSUBJECTTOCHANGEWITHOUTNOTICE.MOREINFORMATIONISAVAILABLE—PLEASESELECTADIFFERENTFILTER.
