2/8/23, 12:51 PM Vulnerability template | OWASP Foundation

Vulnerability template

Thank you for visiting OWASP.org. We recently migrated our community to a new web platform and regrettably the content for this page needed to be programmatically ported from its previous wiki page. There’s still some work to be done.

Every Vulnerability should follow this template.

Description
A vulnerability is a weakness in an application (frequently a broken or missing control) that enables an attack to succeed. Be sure you don’t put [attacks] or [controls] in this category.

1. Start with a one-sentence description of the vulnerability
2. What is the problem that creates the vulnerability?
3. What are the attacks that target this vulnerability?
4. What are the technical impacts of this vulnerability?
https://owasp.org/www-community/vulnerabilities/Vulnerability_template 1/5

Risk Factors
- Talk about the factors that make this vulnerability likely or unlikely to actually happen
- Discuss the technical impact of a successful exploit of this vulnerability
- Consider the likely [business impacts] of a successful attack

Examples
Short example name
- A short example description, small picture, or sample code with links

Short example name
- A short example description, small picture, or sample code with links

Related Attacks
Attack 1
Attack 2

Related Vulnerabilities
Vulnerability 1
Vulnerability 2

Note: the contents of “Related Problems” sections should be placed here

Related Controls
Control 1
Control 2

Note: contents of “Avoidance and Mitigation” and “Countermeasure” related Sections should be placed here

Related Technical Impacts


Technical Impact 1
Technical Impact 2

References
Note: A reference to the related CWE or CAPEC article should be added when one exists. E.g.:

CWE 79.
http://www.link1.com
Title for the link2

In addition, one should classify the vulnerability based on the following subcategories. Ex:
[[Category:Error_Handling_Vulnerability|Category:Error Handling Vulnerability]]

Availability Vulnerability
Authorization Vulnerability
Authentication Vulnerability
Concurrency Vulnerability
Configuration Vulnerability
Cryptographic Vulnerability
Encoding Vulnerability
Error Handling Vulnerability
Input Validation Vulnerability
Logging and Auditing Vulnerability
Session Management Vulnerability

OWASP, Open Web Application Security Project, and Global AppSec are registered trademarks and AppSec Days, AppSec California, AppSec Cali, SnowFROC, LASCON, and the OWASP logo are trademarks of the OWASP Foundation, Inc. Unless otherwise specified, all content on the site is Creative Commons Attribution-ShareAlike v4.0 and provided without warranty of service or accuracy. For more information, please refer to our General Disclaimer. OWASP does not endorse or recommend commercial products or services, allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide. Copyright 2023, OWASP Foundation, Inc.
