BETA Shoulder jest w wersji beta — Wyniki mogą czasami być błędne. Twoja opinia kształtuje to, co naprawimy w następnej kolejności. Podziel się opinią
Shoulder.dev

Platforma Bezpieczenstwa dla Programistow

OWASP Top 10 2025

OWASP Top 10 to standardowy dokument swiadomosci bezpieczenstwa aplikacji webowych. Reprezentuje szeroki konsensus dotyczacy najkrytyczniejszych zagrozen bezpieczenstwa dla aplikacji webowych.

Wersja: 2025 2021
10 Kategorie
221 Zmapowane CWE
#1 🔓

Broken Access Control

Access control enforces policy such that users cannot act outside of their intended permissions. Failures typically lead to unauthorized information disclosure, modification, or destruction of data. Now includes SSRF.

35 CWE 57 reguly 13 krytyczny
#2 ⚙️

Security Misconfiguration

The application might be vulnerable if it is missing appropriate security hardening or has improperly configured permissions on cloud services.

20 CWE 18 reguly
#3 📦

Software Supply Chain Failures

Expanded from 'Vulnerable and Outdated Components' to address broader supply chain risks including unknown vulnerabilities introduced by third-parties, compromised packages, and build system attacks.

9 CWE 9 reguly
#4 🔐

Cryptographic Failures

Failures related to cryptography which often lead to sensitive data exposure. This includes using weak algorithms, improper key management, and missing encryption.

31 CWE 35 reguly 8 krytyczny
#5 💉

Injection

Injection flaws occur when an application sends hostile data to an interpreter. This includes SQL, NoSQL, OS command, ORM, LDAP, and Expression Language injection.

33 CWE 49 reguly 16 krytyczny
#6 📐

Insecure Design

Insecure design is a broad category representing different weaknesses, expressed as missing or ineffective control design. This is distinct from implementation flaws.

40 CWE 18 reguly 1 krytyczny
#7 🔑

Authentication Failures

Confirmation of the user's identity, authentication, and session management is critical to protect against authentication-related attacks.

21 CWE 26 reguly 2 krytyczny
#8

Data Integrity Failures

Data integrity failures relate to code and infrastructure that does not protect against integrity violations, including insecure deserialization and unsigned updates.

10 CWE 11 reguly 3 krytyczny
#9 📊

Security Logging and Alerting Failures

This category helps detect, escalate, and respond to active breaches. Without logging and alerting, breaches cannot be detected in time to respond.

5 CWE 10 reguly
#10 ⚠️

Mishandling of Exceptional Conditions

A new category containing 24 CWEs focusing on improper error handling, logical errors, failing open, and other scenarios stemming from abnormal conditions that systems may encounter.

24 CWE 15 reguly 1 krytyczny

Skanuj pod katem Podatnosci OWASP Top 10

Shoulder wykrywa wzorce w wielu kategoriach OWASP. Uruchom skan, aby znalezc problemy w swoim kodzie.

npx @shoulderdev/cli trust . Centrum Zagrozen →