[Forgot Password]
Login  Register Subscribe

23631

 
 

115083

 
 

97147

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CWE
view XML

Insufficient Encapsulation

ID: 485Date: (C)2012-05-14   (M)2017-11-07
Type: weaknessStatus: DRAFT
Abstraction Type: Class





Description

The product does not sufficiently encapsulate critical data or functionality.

Extended Description

Encapsulation is about drawing strong boundaries. In a web browser that might mean ensuring that your mobile code cannot be abused by other mobile code. On the server it might mean differentiation between validated data and unvalidated data, between one user's data and another's, or between data users are allowed to see and data that they are not.

Applicable Platforms
None

Time Of Introduction

  • Architecture and Design
  • Implementation

Common Consequences

ScopeTechnical ImpactNotes
Other
 
Varies by context
 
 

Detection Methods
None

Potential Mitigations

PhaseStrategyDescriptionEffectivenessNotes
  Implement appropriate encapsulation to protect critical data or functionality.
 
  

Relationships

Related CWETypeViewChain
CWE-485 ChildOf CWE-895 Category CWE-888  

Demonstrative Examples
None

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

TaxynomyIdNameFit
7 Pernicious Kingdoms  Encapsulation
 
 
CERT C++ Secure Coding OOP00-CPP
 
Declare data members private
 
 

References:
None

© 2013 SecPod Technologies