1. Injection
Damage to the system through SQL and other injection attacks.
2. Broken Authentication
Unauthorized access due to weak authentication mechanisms.
3. Sensitive Data Exposure
Leakage of unencrypted or weakly protected data.
4. XML External Entities (XXE)
Exploitation of weaknesses in how external entities in XML documents are processed.
5. Broken Access Control
Unauthorized users accessing restricted resources.
6. Security Misconfiguration
Incorrect or weak security settings leading to breaches.
7. Cross-Site Scripting (XSS)
Injection of malicious scripts into trusted websites.
8. Insecure Deserialization
Execution of malicious code through deserialization of untrusted data.
9. Using Components with Known Vulnerabilities
Risks from outdated or vulnerable libraries and modules.
10. Insufficient Logging and Monitoring
Failure to detect and respond to security incidents in a timely manner.