CWE-711: Understanding CWE-711: OWASP Top Ten 2004 Perspective

The OWASP Top Ten, which was issued in 2004, is connected to the CWE entries visible in this graph. Compliance with PCI DSS version 1.1 necessitates adherence to this view. However, it is important to note that this view is now outdated, as a more recent version of the OWASP Top Ten is accessible.

The graph provided illustrates the hierarchical relationships between different levels of weaknesses. At the highest level, there are categories and pillars that group weaknesses together. Categories, which are not actual weaknesses themselves, serve as a way to group weaknesses with common characteristics. Pillars, on the other hand, represent weaknesses described in a highly abstract manner. Below these top-level entries, there are weaknesses at various levels of abstraction. Classes are still quite abstract and are typically not dependent on any specific language or technology. Base level weaknesses, on the other hand, represent more specific types of weaknesses. Variants are weaknesses that are described in very detailed terms, often restricted to a particular language or technology. A chain is a sequence of weaknesses that must be accessed consecutively to create an exploitable vulnerability, while a composite consists of a group of weaknesses that must all be present simultaneously to create an exploitable vulnerability.