v5.0.0 - Complete 6-Framework Coverage + CWE-362/CWE-840
VulnBank v5.0.0 - Complete 6-Framework Coverage + New Vulnerability Classes
6-Framework Annotation Standard
Every vulnerability in every file is now annotated with:
- CWE identifier
- MITRE ATT&CK v14 technique
- OWASP Top 10 / API Security / LLM Top 10
- PCI DSS v4.0 requirements
- NIST SP 800-53 Rev 5 controls
- SANS/CWE Top 25 (2023) rankings
- ISO 27001:2022 Annex A controls (NEW)
Files Annotated in v5.0.0
- config.py, models.py
- api/auth.py, accounts.py, admin.py, files.py, loans.py, payments.py, reports.py, transactions.py, users.py
- jobs/scheduled.py
- utils/formatters.py, validators.py
New Vulnerability Classes
- CWE-362: Race condition/TOCTOU on /api/transfer/bulk (double-spend via concurrent requests)
- CWE-840: Business logic flaw on /api/transfer/negative (negative amount balance theft)
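The two new classes side by side with a hardened form, as an added example that is not VulnBank's own code: the Ledger class, the account names and the gate parameter are constructed for illustration. The gate barrier only parks both requests between the balance check and the debit so the interleaving is reproducible.

```python
import threading

class Ledger:
    """Constructed in-memory ledger (integer cents); not VulnBank's code."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self._lock = threading.Lock()

    def _move(self, src, dst, amount):
        self.balances[src] -= amount
        self.balances[dst] += amount

    def transfer_unsafe(self, src, dst, amount, gate=None):
        # CWE-840: no sign check, so a negative amount moves funds dst -> src.
        # CWE-362: the balance check runs outside the lock that guards the debit.
        if self.balances[src] < amount:
            return False
        if gate is not None:
            gate.wait()  # demo hook: park each request between check and debit
        with self._lock:
            self._move(src, dst, amount)
        return True

    def transfer_safe(self, src, dst, amount):
        # Reject bool explicitly: bool is a subclass of int in Python.
        if isinstance(amount, bool) or not isinstance(amount, int) or amount <= 0:
            raise ValueError("amount must be a positive integer")
        with self._lock:  # check and debit are one critical section
            if self.balances[src] < amount:
                return False
            self._move(src, dst, amount)
            return True

def run_concurrent(call, n):
    """Run call() in n threads and return the list of results."""
    results = []
    threads = [threading.Thread(target=lambda: results.append(call())) for _ in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results

def demo_race():
    unsafe, safe = Ledger({"alice": 100, "bob": 0}), Ledger({"alice": 100, "bob": 0})
    gate = threading.Barrier(2)
    r_unsafe = run_concurrent(lambda: unsafe.transfer_unsafe("alice", "bob", 100, gate), 2)
    r_safe = run_concurrent(lambda: safe.transfer_safe("alice", "bob", 100), 2)
    return r_unsafe, unsafe.balances, sorted(r_safe), safe.balances
```

In a database-backed service the same fix is a single transaction that locks the source row (or a conditional UPDATE) so the check and the debit cannot be separated.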
ISO 27001:2022 Coverage
11 Annex A controls mapped, including A.8.28 (Secure coding), A.5.17 (Authentication info), A.8.24 (Cryptography), A.8.3 (Access restriction), and A.8.20 (Network security).