Version: 2.1
Purpose: External standards and regulations referenced by the checklists.

| Standard | Scope | Relevance |
|---|---|---|
| ISO 27001 | Information Security Management | Audit logging, access control |
| NIS2 | Critical Infrastructure Security | Security events, incident response |
| CWE | Common Weakness Enumeration | Vulnerability classification |
| OWASP | Web Application Security | Input validation, injection prevention |
| GDPR | Data Protection | PII handling, logging restrictions |

The security checklists reference specific CWE entries:

| CWE | Name | Category |
|---|---|---|
| CWE-20 | Input Validation | Input |
| CWE-22 | Path Traversal | Input |
| CWE-78 | Command Injection | Input |
| CWE-79 | XSS | Output |
| CWE-89 | SQL Injection | Input |
| CWE-94 | Code Injection | Input |
| CWE-190 | Integer Overflow | Arithmetic |
| CWE-208 | Timing Attack | Crypto |
| CWE-209 | Error Message Disclosure | Output |
| CWE-294 | Replay Attack | Crypto |
| CWE-300 | Channel Manipulation | Network |
| CWE-316 | Memory Exposure | Memory |
| CWE-323 | Nonce Reuse | Crypto |
| CWE-330 | Weak RNG | Crypto |
| CWE-352 | CSRF | Web |
| CWE-362 | Race Condition | Concurrency |
| CWE-384 | Session Fixation | Web |
| CWE-400 | Resource Exhaustion | DoS |
| CWE-434 | File Upload | Input |
| CWE-476 | Null Pointer | Memory |
| CWE-532 | Log Exposure | Logging |
| CWE-601 | Open Redirect | Web |
| CWE-667 | Lock Issues | Concurrency |
| CWE-772 | Resource Leak | Memory |
| CWE-833 | Deadlock | Concurrency |
| CWE-862 | Missing Authorization | Access Control |

Version: 2.1 (Split)
Author: Wolfgang van der Stille