A1:2017-Exposed JS File (EJF): Having a .JS File exposed. This vulnerability would allow an attacker to expoit your webshell and upload a reverse shell onto the website. An example of this vulnerability in the wild can be seen here: https://doxbin.org/legacy/jquery.min.js
A2:2017-Exposed Login Page: Login page being accessible to the public. This should never be the case, as someone could login using it.
A3:2017-Having Subdomains: Many web applications might have subdomains (e.g. login.example.com, cdn.example.com). This is a vulnerability because it allows an attacker to visit your subdomains. An attacker could then possibly find a login page, which is another vulnerability.
A4:2017-Error Pages Enabled (EPE): Any type of error page (403, 404, 429) is con