CWE-Specific Remediation Guidance

This directory contains 168 CWE-specific remediation guides with OWASP-aligned recommendations for fixing security vulnerabilities discovered by static and dynamic analysis tools.

Coverage

  • 168 CWEs: Remediation guidance organized by CWE
  • 42 CWEs: Detailed language-specific examples
  • 126 CWEs: Generic, language-agnostic remediation guidance
  • 201 language-specific pages: Examples across 10 languages

Browse CWE guidance:

  • CWE Guidance - 168 CWEs with remediation guidance for developers working from static analysis, dynamic analysis, penetration test, or code review findings.

Guidance Types

Generic Guidance (126 CWEs):

  • Language-agnostic remediation strategies
  • Common vulnerable patterns and secure patterns
  • Risk, remediation steps, and additional resources

Language-Specific Guidance (42 CWEs):

  • Detailed code examples for implementation-heavy vulnerabilities
  • Framework-specific guidance for common stacks
  • Testing and migration considerations where available

Generic Guidance Content

Each generic CWE guidance file includes:

  • Overview: What the vulnerability is
  • Risk: Severity and potential impact
  • OWASP Classification: Mapping to OWASP Top 10 2025
  • Primary Remediation: Core fix strategy
  • Secure Coding Practices: Input validation, output encoding, defense-in-depth
  • Language-Specific Guidance: High-level pointers for major languages
  • Additional Resources: Links to CWE, OWASP, and supporting documentation
  • Next Steps: Concrete action items

Language-Specific Guidance Content

Detailed language-specific guides include:

  • Vulnerable Patterns: Code examples showing the vulnerability
  • Secure Patterns: Code examples showing the fix
  • Framework-Specific Guidance: Spring, ASP.NET, Django, Express, etc.
  • Input Validation Patterns: Reusable validation code
  • Common Pitfalls: Mistakes developers make
  • Migration Considerations: Step-by-step refactoring guide
  • Security Checklist: Verification items

OWASP Alignment

All guidance aligns with OWASP recommendations:

  • OWASP Top 10 2025 classification included
  • OWASP Cheat Sheet Series patterns referenced
  • OWASP ESAPI principles followed
  • Defense in Depth emphasized throughout
  • Secure by Default approach recommended

Language Coverage

Language-Specific Guidance Available:

  • Java - 41 CWE guides with Spring, Jakarta EE, and JDBC examples
  • Python - 39 CWE guides with Django, Flask, and standard-library patterns
  • JavaScript - 37 CWE guides with Node.js, Express, browser, and framework examples
  • C# - 38 CWE guides with .NET Framework, .NET, and ASP.NET examples
  • Go - 21 CWE guides with standard-library and framework patterns
  • PHP - 20 CWE guides with core PHP and framework patterns
  • Perl - 2 CWE guides with selected vulnerability patterns
  • C, C++, and Ruby - selected low-level, memory-safety, and framework-specific examples

Generic guidance applies to all languages and uses framework-agnostic remediation strategies.

Usage Statistics

  • 168 CWEs with comprehensive remediation guidance
  • 42 CWEs with language-specific examples
  • 126 CWEs with generic guidance only
  • 201 language-specific guidance pages
  • 10 languages represented across detailed examples
  • OWASP Top 10 2025 coverage included

These counts are derived from the repository structure. Run python scripts/report-coverage.py --check after changing guidance folders or overview count claims.