- Injection (SQL etc.)
- Broken Authentication
- Sensitive Data Exposure
- XML External Entities (XXE)
- Broken Access Control
- Security Misconfiguration
- Cross-Site Scripting (XSS)
- Insecure Deserialization
- Using Components with Known Vulnerabilities
- Insufficient Logging & Monitoring
- Cross-site Request Forgery (CSRF)
- Cross-site Websocket Hijacking (CSWSH)
- Open Redirect
- Path traversal
- File system paths
- API/HTTP proxies
- Use double encoding
%252eto bypass simple countermeasures
- window.opener Vulnerabilties
- Clickjacking
- Browser data not purged on logout
- Sensitive data stored in cookies, local storage, etc.
- Back button can retrieve cached data
- Publishing data originating from email
- HTTP Parameter pollution
- Pass multiple parameters with the same name
/?user=admin&user=some.user
- Pass multiple parameters with the same name
- Missing certificate validation for TLS
- Account enumeration
- Dependencies
- Hand-rolled encryption of any kind
- Impersonation / Log in as another user
- Login
- Logout
- Processing of uploaded files
- Proxying requests to other servers
- Serving up files specified by the user
- Websockets