베타 Shoulder는 베타 버전입니다 — 결과가 가끔 잘못될 수 있습니다. 여러분의 피드백이 다음에 무엇을 고칠지 결정합니다. 피드백 공유
Shoulder.dev

개발자를 위한 위협 인텔리전스

OWASP Top 10 2025

OWASP Top 10은 웹 애플리케이션 보안을 위한 표준 인식 문서입니다. 웹 애플리케이션에 가장 중요한 보안 위험에 대한 광범위한 합의를 나타냅니다.

버전: 2025 2021
10 카테고리
221 매핑된 CWE
#1 🔓

Broken Access Control

Access control enforces policy such that users cannot act outside of their intended permissions. Failures typically lead to unauthorized information disclosure, modification, or destruction of data. Now includes SSRF.

35 CWE 57 규칙 13 치명적
#2 ⚙️

Security Misconfiguration

The application might be vulnerable if it is missing appropriate security hardening or has improperly configured permissions on cloud services.

20 CWE 18 규칙
#3 📦

Software Supply Chain Failures

Expanded from 'Vulnerable and Outdated Components' to address broader supply chain risks including unknown vulnerabilities introduced by third-parties, compromised packages, and build system attacks.

9 CWE 9 규칙
#4 🔐

Cryptographic Failures

Failures related to cryptography which often lead to sensitive data exposure. This includes using weak algorithms, improper key management, and missing encryption.

31 CWE 35 규칙 8 치명적
#5 💉

Injection

Injection flaws occur when an application sends hostile data to an interpreter. This includes SQL, NoSQL, OS command, ORM, LDAP, and Expression Language injection.

33 CWE 49 규칙 16 치명적
#6 📐

Insecure Design

Insecure design is a broad category representing different weaknesses, expressed as missing or ineffective control design. This is distinct from implementation flaws.

40 CWE 18 규칙 1 치명적
#7 🔑

Authentication Failures

Confirmation of the user's identity, authentication, and session management is critical to protect against authentication-related attacks.

21 CWE 26 규칙 2 치명적
#8

Data Integrity Failures

Data integrity failures relate to code and infrastructure that does not protect against integrity violations, including insecure deserialization and unsigned updates.

10 CWE 11 규칙 3 치명적
#9 📊

Security Logging and Alerting Failures

This category helps detect, escalate, and respond to active breaches. Without logging and alerting, breaches cannot be detected in time to respond.

5 CWE 10 규칙
#10 ⚠️

Mishandling of Exceptional Conditions

A new category containing 24 CWEs focusing on improper error handling, logical errors, failing open, and other scenarios stemming from abnormal conditions that systems may encounter.

24 CWE 15 규칙 1 치명적

OWASP Top 10 취약점 스캔

Shoulder는 여러 OWASP 카테고리에 걸쳐 패턴을 감지합니다. 스캔을 실행하여 코드의 문제를 찾으세요.

npx @shoulderdev/cli trust . 위협 센터 →