OWASP Top Ten 2007 Category A10 - Failure to Restrict URL Access
Category ID: 721 (Category)
Status: Incomplete
+ Description

Description Summary

Weaknesses in this category are related to the A10 category in the OWASP Top Ten 2007.
+ Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
ParentOf | Weakness Class | 285 | Improper Access Control (Authorization) | Weaknesses in OWASP Top Ten (2007) (primary) 629
ParentOf | Weakness Base | 288 | Authentication Bypass Using an Alternate Path or Channel | Weaknesses in OWASP Top Ten (2007) (primary) 629
ParentOf | Weakness Base | 425 | Direct Request ('Forced Browsing') | Weaknesses in OWASP Top Ten (2007) (primary) 629
MemberOf | View | 629 | Weaknesses in OWASP Top Ten (2007) | Weaknesses in OWASP Top Ten (2007) (primary) 629
+ Related Attack Patterns
(CAPEC Version: 1.4)
CAPEC-ID | Attack Pattern Name
1 | Accessing Functionality Not Properly Constrained by ACLs
56 | Removing/short-circuiting 'guard logic'
+ References
OWASP. "Top 10 2007-Failure to Restrict URL Access". 2007. <http://www.owasp.org/index.php/Top_10_2007-A10>.
+ Content History
Submissions
Submission Date | Submitter | Organization | Source
2008-09-09 |  | MITRE | Internal CWE Team
Modifications
Modification Date | Modifier | Organization | Source
2009-12-28 | CWE Content Team | MITRE | Internal
    updated Related Attack Patterns