BETA O Shoulder está em beta — Os resultados às vezes podem estar incorretos. Seu feedback molda o que corrigimos a seguir. Compartilhar feedback
Shoulder.dev

Inteligência de Ameaças para Desenvolvedores

OWASP Top 10 2025

O OWASP Top 10 é o documento de referência padrão para segurança de aplicações web. Ele representa um amplo consenso sobre os riscos de segurança mais críticos para aplicações web.

Versão: 2025 2021
10 Categorias
221 CWEs Mapeados
#1 🔓

Broken Access Control

Access control enforces policy such that users cannot act outside of their intended permissions. Failures typically lead to unauthorized information disclosure, modification, or destruction of data. Now includes SSRF.

35 CWEs 57 regras 13 crítico
#2 ⚙️

Security Misconfiguration

The application might be vulnerable if it is missing appropriate security hardening or has improperly configured permissions on cloud services.

20 CWEs 18 regras
#3 📦

Software Supply Chain Failures

Expanded from 'Vulnerable and Outdated Components' to address broader supply chain risks including unknown vulnerabilities introduced by third-parties, compromised packages, and build system attacks.

9 CWEs 9 regras
#4 🔐

Cryptographic Failures

Failures related to cryptography which often lead to sensitive data exposure. This includes using weak algorithms, improper key management, and missing encryption.

31 CWEs 35 regras 8 crítico
#5 💉

Injection

Injection flaws occur when an application sends hostile data to an interpreter. This includes SQL, NoSQL, OS command, ORM, LDAP, and Expression Language injection.

33 CWEs 49 regras 16 crítico
#6 📐

Insecure Design

Insecure design is a broad category representing different weaknesses, expressed as missing or ineffective control design. This is distinct from implementation flaws.

40 CWEs 18 regras 1 crítico
#7 🔑

Authentication Failures

Confirmation of the user's identity, authentication, and session management is critical to protect against authentication-related attacks.

21 CWEs 26 regras 2 crítico
#8

Data Integrity Failures

Data integrity failures relate to code and infrastructure that does not protect against integrity violations, including insecure deserialization and unsigned updates.

10 CWEs 11 regras 3 crítico
#9 📊

Security Logging and Alerting Failures

This category helps detect, escalate, and respond to active breaches. Without logging and alerting, breaches cannot be detected in time to respond.

5 CWEs 10 regras
#10 ⚠️

Mishandling of Exceptional Conditions

A new category containing 24 CWEs focusing on improper error handling, logical errors, failing open, and other scenarios stemming from abnormal conditions that systems may encounter.

24 CWEs 15 regras 1 crítico

Escanear Vulnerabilidades OWASP Top 10

Shoulder detecta padrões em múltiplas categorias OWASP. Execute uma varredura para encontrar problemas no seu código.

npx @shoulderdev/cli trust . Centro de Ameaças →