[1] Standards Mapping - CIS Azure Kubernetes Service Benchmark
4[2] Standards Mapping - CIS Amazon Elastic Kubernetes Service Benchmark
4[3] Standards Mapping - CIS Amazon Web Services Foundations Benchmark
3[4] Standards Mapping - CIS Google Kubernetes Engine Benchmark
normal[5] Standards Mapping - Common Weakness Enumeration
CWE ID 97, CWE ID 98, CWE ID 494[6] Standards Mapping - Common Weakness Enumeration Top 25 2019
[18] CWE ID 094[7] Standards Mapping - Common Weakness Enumeration Top 25 2020
[17] CWE ID 094[8] Standards Mapping - Common Weakness Enumeration Top 25 2022
[25] CWE ID 094[9] Standards Mapping - Common Weakness Enumeration Top 25 2023
[23] CWE ID 094[10] Standards Mapping - DISA Control Correlation Identifier Version 2
CCI-001167, CCI-002754[11] Standards Mapping - FIPS200
SI[12] Standards Mapping - General Data Protection Regulation (GDPR)
Indirect Access to Sensitive Data[13] Standards Mapping - NIST Special Publication 800-53 Revision 4
SI-10 Information Input Validation (P1), SC-18 Mobile Code (P2)[14] Standards Mapping - NIST Special Publication 800-53 Revision 5
SI-10 Information Input Validation, SC-18 Mobile Code[15] Standards Mapping - OWASP Top 10 2004
A1 Unvalidated Input[16] Standards Mapping - OWASP Top 10 2007
A3 Malicious File Execution[17] Standards Mapping - OWASP Top 10 2010
A1 Injection[18] Standards Mapping - OWASP Top 10 2013
A1 Injection[19] Standards Mapping - OWASP Top 10 2017
A1 Injection[20] Standards Mapping - OWASP Top 10 2021
A03 Injection[21] Standards Mapping - OWASP Application Security Verification Standard 4.0
1.14.2 Configuration Architectural Requirements (L2 L3), 5.2.5 Sanitization and Sandboxing Requirements (L1 L2 L3), 5.2.8 Sanitization and Sandboxing Requirements (L1 L2 L3), 5.3.6 Output Encoding and Injection Prevention Requirements (L1 L2 L3), 5.3.9 Output Encoding and Injection Prevention Requirements (L1 L2 L3), 10.3.2 Deployed Application Integrity Controls (L1 L2 L3), 12.3.2 File Execution Requirements (L1 L2 L3), 12.3.3 File Execution Requirements (L1 L2 L3), 12.3.6 File Execution Requirements (L2 L3), 14.2.3 Dependency (L1 L2 L3), 14.2.4 Dependency (L2 L3)[22] Standards Mapping - OWASP Mobile 2014
M1 Weak Server Side Controls[23] Standards Mapping - OWASP Mobile 2024
M4 Insufficient Input/Output Validation[24] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1
Requirement 6.5.1[25] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2
Requirement 6.3.1.1, Requirement 6.5.3[26] Standards Mapping - Payment Card Industry Data Security Standard Version 2.0
Requirement 6.5.8[27] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0
Requirement 6.5.8[28] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2
Requirement 6.5.8[29] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1
Requirement 6.5.8[30] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1
Requirement 6.5.8[31] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0
Requirement 6.2.4[32] Standards Mapping - Payment Card Industry Software Security Framework 1.0
Control Objective 4.2 - Critical Asset Protection, Control Objective 5.4 - Authentication and Access Control[33] Standards Mapping - Payment Card Industry Software Security Framework 1.1
Control Objective 4.2 - Critical Asset Protection, Control Objective 5.4 - Authentication and Access Control, Control Objective B.3.1 - Terminal Software Attack Mitigation, Control Objective B.3.1.1 - Terminal Software Attack Mitigation[34] Standards Mapping - Payment Card Industry Software Security Framework 1.2
Control Objective 4.2 - Critical Asset Protection, Control Objective 5.4 - Authentication and Access Control, Control Objective B.3.1 - Terminal Software Attack Mitigation, Control Objective B.3.1.1 - Terminal Software Attack Mitigation, Control Objective C.3.2 - Web Software Attack Mitigation[35] Standards Mapping - SANS Top 25 2009
Risky Resource Management - CWE ID 094[36] Standards Mapping - SANS Top 25 2010
Risky Resource Management - CWE ID 098[37] Standards Mapping - SANS Top 25 2011
Risky Resource Management - CWE ID 494[38] Standards Mapping - Security Technical Implementation Guide Version 3.1
APP3510 CAT I[39] Standards Mapping - Security Technical Implementation Guide Version 3.4
APP3510 CAT I, APP3600 CAT II[40] Standards Mapping - Security Technical Implementation Guide Version 3.5
APP3510 CAT I, APP3600 CAT II[41] Standards Mapping - Security Technical Implementation Guide Version 3.6
APP3510 CAT I, APP3600 CAT II[42] Standards Mapping - Security Technical Implementation Guide Version 3.7
APP3510 CAT I, APP3600 CAT II[43] Standards Mapping - Security Technical Implementation Guide Version 3.9
APP3510 CAT I, APP3600 CAT II[44] Standards Mapping - Security Technical Implementation Guide Version 3.10
APP3510 CAT I, APP3600 CAT II[45] Standards Mapping - Security Technical Implementation Guide Version 4.1
APSC-DV-002560 CAT I, APSC-DV-003300 CAT II[46] Standards Mapping - Security Technical Implementation Guide Version 4.2
APSC-DV-002560 CAT I, APSC-DV-003300 CAT II[47] Standards Mapping - Security Technical Implementation Guide Version 4.3
APSC-DV-002560 CAT I, APSC-DV-003300 CAT II[48] Standards Mapping - Security Technical Implementation Guide Version 4.4
APSC-DV-002560 CAT I, APSC-DV-003300 CAT II[49] Standards Mapping - Security Technical Implementation Guide Version 4.5
APSC-DV-002560 CAT I, APSC-DV-003300 CAT II[50] Standards Mapping - Security Technical Implementation Guide Version 4.6
APSC-DV-002560 CAT I, APSC-DV-003300 CAT II[51] Standards Mapping - Security Technical Implementation Guide Version 4.7
APSC-DV-002560 CAT I, APSC-DV-003300 CAT II[52] Standards Mapping - Security Technical Implementation Guide Version 4.8
APSC-DV-002560 CAT I, APSC-DV-003300 CAT II[53] Standards Mapping - Security Technical Implementation Guide Version 4.9
APSC-DV-002560 CAT I, APSC-DV-003300 CAT II[54] Standards Mapping - Security Technical Implementation Guide Version 4.10
APSC-DV-002560 CAT I, APSC-DV-003300 CAT II[55] Standards Mapping - Security Technical Implementation Guide Version 4.11
APSC-DV-002560 CAT I, APSC-DV-003300 CAT II[56] Standards Mapping - Security Technical Implementation Guide Version 5.1
APSC-DV-002560 CAT I, APSC-DV-003300 CAT II[57] Standards Mapping - Security Technical Implementation Guide Version 5.2
APSC-DV-002560 CAT I, APSC-DV-003300 CAT II[58] Standards Mapping - Security Technical Implementation Guide Version 5.3
APSC-DV-002530 CAT II, APSC-DV-002560 CAT I, APSC-DV-003300 CAT II[59] Standards Mapping - Web Application Security Consortium Version 2.00
Remote File Inclusion (RFI) (WASC-05)