[Owasp-board] Using CWE / CVE in OWASP Top 10 2007

Steven M. Christey coley at linus.mitre.org
Mon Jan 29 21:49:43 UTC 2007

Hi Andrew,

I am definitely interested in reviewing the full document.

Feel free to link to the CVE pages; the links you gave are proper.

Note that individual CWE nodes can also be referenced, if you would like
to do that.  For example, PHP File Inclusion (CWE-98) is here:


And relative path traversal is CWE-23

Let me know if OWASP is interested in referencing the CWE's; I could help
with the mapping.  It would be a good exercise for CWE anyway, since I
suspect the attack-based nature of web app vulns might not mesh with CWE

The full CWE dictionary is at http://cwe.mitre.org/data/dictionary.html ,
or it could be downloaded.

FYI - for the PHP chapter you included, you might want to mention the
Hardened PHP project and Suhosin.  I also noticed a few typos.

- Steve

More information about the Owasp-board mailing list