BETA Shoulder ist in der Beta — Befunde können manchmal falsch sein. Dein Feedback bestimmt, was wir als Nächstes beheben. Feedback teilen
Shoulder.dev

Bedrohungsintelligenz für Entwickler

OWASP Top 10 2025

Die OWASP Top 10 ist das Standard-Referenzdokument für Webanwendungssicherheit. Es repräsentiert einen breiten Konsens über die kritischsten Sicherheitsrisiken für Webanwendungen.

Version: 2025 2021
10 Kategorien
221 Zugeordnete CWEs
#1 🔓

Broken Access Control

Access control enforces policy such that users cannot act outside of their intended permissions. Failures typically lead to unauthorized information disclosure, modification, or destruction of data. Now includes SSRF.

35 CWEs 57 Regeln 13 kritisch
#2 ⚙️

Security Misconfiguration

The application might be vulnerable if it is missing appropriate security hardening or has improperly configured permissions on cloud services.

20 CWEs 18 Regeln
#3 📦

Software Supply Chain Failures

Expanded from 'Vulnerable and Outdated Components' to address broader supply chain risks including unknown vulnerabilities introduced by third-parties, compromised packages, and build system attacks.

9 CWEs 9 Regeln
#4 🔐

Cryptographic Failures

Failures related to cryptography which often lead to sensitive data exposure. This includes using weak algorithms, improper key management, and missing encryption.

31 CWEs 35 Regeln 8 kritisch
#5 💉

Injection

Injection flaws occur when an application sends hostile data to an interpreter. This includes SQL, NoSQL, OS command, ORM, LDAP, and Expression Language injection.

33 CWEs 49 Regeln 16 kritisch
#6 📐

Insecure Design

Insecure design is a broad category representing different weaknesses, expressed as missing or ineffective control design. This is distinct from implementation flaws.

40 CWEs 18 Regeln 1 kritisch
#7 🔑

Authentication Failures

Confirmation of the user's identity, authentication, and session management is critical to protect against authentication-related attacks.

21 CWEs 26 Regeln 2 kritisch
#8

Data Integrity Failures

Data integrity failures relate to code and infrastructure that does not protect against integrity violations, including insecure deserialization and unsigned updates.

10 CWEs 11 Regeln 3 kritisch
#9 📊

Security Logging and Alerting Failures

This category helps detect, escalate, and respond to active breaches. Without logging and alerting, breaches cannot be detected in time to respond.

5 CWEs 10 Regeln
#10 ⚠️

Mishandling of Exceptional Conditions

A new category containing 24 CWEs focusing on improper error handling, logical errors, failing open, and other scenarios stemming from abnormal conditions that systems may encounter.

24 CWEs 15 Regeln 1 kritisch

OWASP Top 10 Schwachstellen scannen

Shoulder erkennt Muster in mehreren OWASP-Kategorien. Führen Sie einen Scan durch, um Probleme in Ihrem Code zu finden.

npx @shoulderdev/cli trust . Bedrohungszentrum →