Exposure of sensitive application/user details to unauthorized users

older or poorly configured XML processors evaluate external entity references within XML documents

improper implementation of authentication and session management

application includes untrusted data in a new web page without proper validation or escaping

true

flase

false

true

Crypt-analysis of hash values

Spamming

Authorization Bypass

Authentication bypass

Insecure Direct Object References

Session Replay

Session Hijacking

Session Fixation

Session Fixation

Brute Force Attack

XSS

Dictionary Attack

Forced Browsing or failure to restrict URL

Invalidated redirect and forward

Insecure Misconfiguration

SQL Injection