Vulnerability Categories
The vulnerabilities found in the OWASP Juice Shop are categorized into several different classes. Most of them cover different risk or vulnerability types from well-known lists or documents, such as the OWASP Top 10 or MITRE's Common Weakness Enumeration. The following table presents a mapping of the Juice Shop's categories to OWASP and CWE (without claiming to be complete).

Category Mappings
| Category | OWASP | CWE |
|---|---|---|
| Injection | A1:2017 | CWE-74 |
| Broken Authentication | A2:2017 | CWE-287, CWE-352 |
| Forgotten Content | OTG-CONFIG-004 | |
| Roll your own Security | A10:2017 | CWE-326, CWE-601 |
| Sensitive Data Exposure | A3:2017 | CWE-200, CWE-327, CWE-328, CWE-548 |
| XML External Entities (XXE) | A4:2017 | CWE-611 |
| Improper Input Validation | ASVS V5 | CWE-20 |
| Broken Access Control | A5:2017 | CWE-22, CWE-285, CWE-639 |
| Security Misconfiguration | A6:2017 | CWE-209 |
| Cross Site Scripting (XSS) | A7:2017 | CWE-79 |
| Insecure Deserialization | A8:2017 | CWE-502 |
| Vulnerable Components | A9:2017 | |
| Security through Obscurity | | CWE-656 |
| Race Condition | OWASP-AT-010 | CWE-362 |