Security Vulnerabilities

  1. Web Application Vulnerabilities
    1. Injection Vulnerabilities
      1. SQL Injection
        1. Classic SQL Injection
          1. Blind SQL Injection
            1. Boolean-Based Blind SQLi
              1. Time-Based Blind SQLi
              2. Union-Based SQL Injection
                1. Error-Based SQL Injection
                  1. Out-of-Band SQL Injection
                    1. Second-Order SQL Injection
                    2. NoSQL Injection
                      1. MongoDB Injection
                        1. CouchDB Injection
                          1. Cassandra Injection
                          2. Command Injection
                            1. OS Command Injection
                              1. Shell Command Injection
                                1. PowerShell Injection
                                2. LDAP Injection
                                  1. XPath Injection
                                    1. XML External Entity (XXE) Injection
                                      1. Classic XXE
                                        1. Blind XXE
                                          1. XXE via File Upload
                                            1. XXE via Modified Content Type
                                            2. Template Injection
                                              1. Server-Side Template Injection (SSTI)
                                                1. Client-Side Template Injection
                                                2. Expression Language Injection
                                                  1. Log Injection
                                                  2. Cross-Site Scripting (XSS)
                                                    1. Stored XSS
                                                      1. Database-Stored XSS
                                                        1. File-Stored XSS
                                                          1. DOM Storage XSS
                                                          2. Reflected XSS
                                                            1. URL Parameter XSS
                                                              1. Form Field XSS
                                                                1. HTTP Header XSS
                                                                2. DOM-Based XSS
                                                                  1. Source-to-Sink Analysis
                                                                    1. DOM Manipulation XSS
                                                                    2. Mutation XSS
                                                                      1. Universal XSS
                                                                        1. XSS Prevention Techniques
                                                                        2. Authentication and Session Management Flaws
                                                                          1. Weak Authentication Mechanisms
                                                                            1. Weak Password Policies
                                                                              1. Credential Stuffing Vulnerabilities
                                                                                1. Brute Force Vulnerabilities
                                                                                  1. Dictionary Attack Vulnerabilities
                                                                                  2. Session Management Issues
                                                                                    1. Session Fixation
                                                                                      1. Session Hijacking
                                                                                        1. Insecure Session Storage
                                                                                          1. Session Timeout Issues
                                                                                            1. Cross-Site Session Transfer
                                                                                            2. Multi-Factor Authentication Bypasses
                                                                                              1. Password Reset Vulnerabilities
                                                                                                1. Account Lockout Bypasses
                                                                                                2. Broken Access Control
                                                                                                  1. Insecure Direct Object References (IDOR)
                                                                                                    1. Path Traversal
                                                                                                      1. Directory Traversal
                                                                                                        1. File Inclusion Vulnerabilities
                                                                                                          1. Local File Inclusion (LFI)
                                                                                                            1. Remote File Inclusion (RFI)
                                                                                                          2. Missing Function-Level Access Control
                                                                                                            1. Missing Method-Level Access Control
                                                                                                              1. Privilege Escalation
                                                                                                                1. Forced Browsing
                                                                                                                  1. Parameter Tampering
                                                                                                                  2. Security Misconfiguration
                                                                                                                    1. Default Credentials
                                                                                                                      1. Unnecessary Features Enabled
                                                                                                                        1. Debug Interfaces
                                                                                                                          1. Administrative Interfaces
                                                                                                                            1. Sample Applications
                                                                                                                              1. Default Accounts
                                                                                                                              2. Verbose Error Messages
                                                                                                                                1. Missing Security Headers
                                                                                                                                  1. HTTP Strict Transport Security (HSTS)
                                                                                                                                    1. Content Security Policy (CSP)
                                                                                                                                      1. X-Frame-Options
                                                                                                                                        1. X-Content-Type-Options
                                                                                                                                          1. X-XSS-Protection
                                                                                                                                          2. Insecure HTTP Methods
                                                                                                                                            1. Directory Listing Enabled
                                                                                                                                            2. Sensitive Data Exposure
                                                                                                                                              1. Encryption Weaknesses
                                                                                                                                                1. Unencrypted Data in Transit
                                                                                                                                                  1. Unencrypted Data at Rest
                                                                                                                                                    1. Weak Cryptographic Algorithms
                                                                                                                                                      1. Insufficient Key Length
                                                                                                                                                      2. Key Management Issues
                                                                                                                                                        1. Hardcoded Cryptographic Keys
                                                                                                                                                          1. Poor Key Storage
                                                                                                                                                            1. Weak Key Generation
                                                                                                                                                              1. Key Reuse
                                                                                                                                                              2. Data Leakage Scenarios
                                                                                                                                                                1. URL Parameter Exposure
                                                                                                                                                                  1. Log File Exposure
                                                                                                                                                                    1. Error Message Disclosure
                                                                                                                                                                      1. Backup File Exposure
                                                                                                                                                                    2. Cross-Site Request Forgery (CSRF)
                                                                                                                                                                      1. CSRF Attack Mechanics
                                                                                                                                                                        1. GET-Based CSRF
                                                                                                                                                                          1. POST-Based CSRF
                                                                                                                                                                            1. JSON-Based CSRF
                                                                                                                                                                              1. CSRF Prevention Methods
                                                                                                                                                                                1. Anti-CSRF Tokens
                                                                                                                                                                                  1. Referer Header Validation
                                                                                                                                                                                2. Insecure Deserialization
                                                                                                                                                                                  1. Object Deserialization Attacks
                                                                                                                                                                                    1. Remote Code Execution via Deserialization
                                                                                                                                                                                      1. Data Tampering via Deserialization
                                                                                                                                                                                        1. Denial of Service via Deserialization
                                                                                                                                                                                          1. Language-Specific Deserialization Issues
                                                                                                                                                                                          2. Server-Side Request Forgery (SSRF)
                                                                                                                                                                                            1. Internal Network Access
                                                                                                                                                                                              1. Cloud Metadata API Attacks
                                                                                                                                                                                                1. Port Scanning via SSRF
                                                                                                                                                                                                  1. Protocol Smuggling
                                                                                                                                                                                                    1. Blind SSRF
                                                                                                                                                                                                    2. Using Components with Known Vulnerabilities
                                                                                                                                                                                                      1. Outdated Libraries
                                                                                                                                                                                                        1. Vulnerable Frameworks
                                                                                                                                                                                                          1. Dependency Confusion
                                                                                                                                                                                                            1. Supply Chain Attacks
                                                                                                                                                                                                              1. Component Inventory Management
                                                                                                                                                                                                              2. Insufficient Logging and Monitoring
                                                                                                                                                                                                                1. Missing Security Event Logging
                                                                                                                                                                                                                  1. Inadequate Log Retention
                                                                                                                                                                                                                    1. Poor Log Analysis
                                                                                                                                                                                                                      1. Missing Real-Time Monitoring
                                                                                                                                                                                                                        1. Insufficient Alerting Mechanisms

                                                                                                                                                                                                                      Previous

                                                                                                                                                                                                                      4. Vulnerability Categories by Impact

                                                                                                                                                                                                                      Go to top

                                                                                                                                                                                                                      Next

                                                                                                                                                                                                                      6. Software and Memory Vulnerabilities