BETA Shoulder está en beta — Los hallazgos a veces pueden ser incorrectos. Tu feedback da forma a lo que arreglamos a continuación. Compartir comentarios
Shoulder.dev

Inteligencia de Amenazas para Desarrolladores

OWASP Top 10 2025

El OWASP Top 10 es el documento de concienciación estándar para seguridad de aplicaciones web. Representa un amplio consenso sobre los riesgos de seguridad más críticos para aplicaciones web.

Versión: 2025 2021
10 Categorías
221 CWEs Mapeados
#1 🔓

Broken Access Control

Access control enforces policy such that users cannot act outside of their intended permissions. Failures typically lead to unauthorized information disclosure, modification, or destruction of data. Now includes SSRF.

35 CWEs 57 reglas 13 crítico
#2 ⚙️

Security Misconfiguration

The application might be vulnerable if it is missing appropriate security hardening or has improperly configured permissions on cloud services.

20 CWEs 18 reglas
#3 📦

Software Supply Chain Failures

Expanded from 'Vulnerable and Outdated Components' to address broader supply chain risks including unknown vulnerabilities introduced by third-parties, compromised packages, and build system attacks.

9 CWEs 9 reglas
#4 🔐

Cryptographic Failures

Failures related to cryptography which often lead to sensitive data exposure. This includes using weak algorithms, improper key management, and missing encryption.

31 CWEs 35 reglas 8 crítico
#5 💉

Injection

Injection flaws occur when an application sends hostile data to an interpreter. This includes SQL, NoSQL, OS command, ORM, LDAP, and Expression Language injection.

33 CWEs 49 reglas 16 crítico
#6 📐

Insecure Design

Insecure design is a broad category representing different weaknesses, expressed as missing or ineffective control design. This is distinct from implementation flaws.

40 CWEs 18 reglas 1 crítico
#7 🔑

Authentication Failures

Confirmation of the user's identity, authentication, and session management is critical to protect against authentication-related attacks.

21 CWEs 26 reglas 2 crítico
#8

Data Integrity Failures

Data integrity failures relate to code and infrastructure that does not protect against integrity violations, including insecure deserialization and unsigned updates.

10 CWEs 11 reglas 3 crítico
#9 📊

Security Logging and Alerting Failures

This category helps detect, escalate, and respond to active breaches. Without logging and alerting, breaches cannot be detected in time to respond.

5 CWEs 10 reglas
#10 ⚠️

Mishandling of Exceptional Conditions

A new category containing 24 CWEs focusing on improper error handling, logical errors, failing open, and other scenarios stemming from abnormal conditions that systems may encounter.

24 CWEs 15 reglas 1 crítico

Escanear Vulnerabilidades OWASP Top 10

Shoulder detecta patrones en múltiples categorías OWASP. Ejecuta un escaneo para encontrar problemas en tu código.

npx @shoulderdev/cli trust . Centro de Amenazas →