
v5.0.0 - Complete 6-Framework Coverage + CWE-362/CWE-840


@OmarRao released this 23 Jun 20:41

VulnBank v5.0.0 - Complete 6-Framework Coverage + New Vulnerability Classes

6-Framework Annotation Standard

Every vulnerability in every file is now annotated with:

  • CWE identifier
  • MITRE ATT&CK v14 technique
  • OWASP Top 10 / API Security / LLM Top 10
  • PCI DSS v4.0 requirements
  • NIST SP 800-53 Rev 5 controls
  • SANS/CWE Top 25 (2023) rankings
  • ISO 27001:2022 Annex A controls (NEW)

Files Annotated in v5.0.0

  • config.py, models.py
  • api/auth.py, accounts.py, admin.py, files.py, loans.py, payments.py, reports.py, transactions.py, users.py
  • jobs/scheduled.py
  • utils/formatters.py, validators.py

New Vulnerability Classes

  • CWE-362: Race condition/TOCTOU on /api/transfer/bulk (double-spend via concurrent requests)
  • CWE-840: Business logic flaw on /api/transfer/negative (negative amount balance theft)
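As an added illustration of the two new classes (not VulnBank's own code), the following Python models a transfer handler with the check-then-act (CWE-362) and unvalidated-sign (CWE-840) defects beside a hardened version. The in-memory ledger, the account names and the balances are constructed for the demo; the `pause` hook only exists so the racy interleaving can be reproduced deterministically.

```python
import threading
from decimal import Decimal

class Ledger:
    """Constructed stand-in for the bank DB: each method is atomic on its own
    (like one SQL statement), but nothing ties a read to a later write."""
    def __init__(self, balances):
        self._b, self._lock = dict(balances), threading.Lock()
    def balance(self, acct):
        with self._lock: return self._b[acct]
    def adjust(self, acct, delta):
        with self._lock: self._b[acct] += delta
    def debit_if_sufficient(self, acct, amount):
        # Like UPDATE accounts SET balance = balance - ? WHERE balance >= ?
        with self._lock:
            if self._b[acct] < amount:
                return False
            self._b[acct] -= amount
            return True

def vulnerable_transfer(ledger, src, dst, amount, pause=lambda: None):
    # CWE-362: check and debit are separate statements, so concurrent requests
    # can all pass the check. CWE-840: amount's sign is never validated.
    if ledger.balance(src) < amount:
        return False
    pause()                      # demo hook: hold the request between check and use
    ledger.adjust(src, -amount)
    ledger.adjust(dst, amount)
    return True

def hardened_transfer(ledger, src, dst, amount, pause=lambda: None):
    if not isinstance(amount, Decimal) or amount <= 0:
        return False             # reject negative, zero and non-Decimal amounts
    pause()                      # same hook; harmless because the next step is atomic
    if not ledger.debit_if_sufficient(src, amount):
        return False             # check and debit are one atomic step
    ledger.adjust(dst, amount)
    return True

def run_concurrently(transfer, ledger, amount, n=2):
    """Fire n identical alice->bob transfers of Decimal(amount) at once; the
    barrier forces the worst case: every request checks before any debits."""
    amount, barrier, results = Decimal(amount), threading.Barrier(n), []
    def worker(): results.append(transfer(ledger, "alice", "bob", amount, barrier.wait))
    threads = [threading.Thread(target=worker) for _ in range(n)]
    for t in threads: t.start()
    for t in threads: t.join()
    return sorted(results), ledger.balance("alice"), ledger.balance("bob")
def sample_ledger():             # constructed balances, not VulnBank data
    return Ledger({"alice": Decimal("100"), "bob": Decimal("0")})
```

With two concurrent 60-unit requests the vulnerable path drives alice to -20 and bob to 120, while the hardened path lets exactly one succeed (40/60); a -50 request is accepted by the vulnerable path and rejected by the hardened one.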

ISO 27001:2022 Coverage

11 Annex A controls mapped, including A.8.28 (Secure coding), A.5.17 (Authentication information), A.8.24 (Cryptography), A.8.3 (Access restriction) and A.8.20 (Network security).