Top 30 Application Vulnerabilities and Definitions
Definitions
https://ie.linkedin.com/in/hanimeken
1. Injection Flaws
Definition: Injection flaws occur when untrusted data is sent to an interpreter as part of a
command or query. This allows attackers to execute malicious commands or access
unauthorized data.
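The SQL flavour of this, as an added example that is not part of the original page: a login check that splices user input into the query text next to the parameterised version. The users table and the two accounts are constructed for the demo; the payloads are the classic tautology and comment tricks.

```python
import sqlite3


def make_db():
    """Constructed in-memory sample table (not from the original page)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, password TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)",
                    [("alice", "correct horse"), ("bob", "hunter2")])
    return con


def login_vulnerable(con, name, password):
    # Untrusted input is spliced into the query text, so SQLite parses
    # attacker-supplied quotes, OR and -- as SQL syntax rather than as data.
    sql = ("SELECT name FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    return sorted(row[0] for row in con.execute(sql))


def login_safe(con, name, password):
    # Parameterised query: the statement text is fixed and the values are
    # bound separately, so input can never change the query's structure.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return sorted(row[0] for row in con.execute(sql, (name, password)))


def demo():
    con = make_db()
    tautology = "' OR '1'='1"      # turns the WHERE clause into "always true"
    comment = "alice' --"          # comments out the password check entirely
    return {
        "tautology_vulnerable": login_vulnerable(con, tautology, tautology),
        "comment_vulnerable": login_vulnerable(con, comment, "wrong"),
        "tautology_safe": login_safe(con, tautology, tautology),
        "comment_safe": login_safe(con, comment, "wrong"),
        "legitimate": login_safe(con, "bob", "hunter2"),
    }
```

The same rule applies to every interpreter, not only SQL: shell commands, LDAP filters and NoSQL queries all need the data passed through an API that keeps it separate from the command structure (subprocess argument lists, filter escaping, query builders) rather than string concatenation.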
2. Broken Authentication
3. Cross-Site Scripting (XSS)
Definition: XSS vulnerabilities enable attackers to inject malicious scripts into web pages
viewed by other users. These scripts can steal session cookies, redirect users to malicious
sites, or deface websites.
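An added illustration (not code from the original page) of how the injection happens and how output encoding stops it. The page template and the user values are constructed; the point is that escaping must match the context the value lands in, so the link goes through a scheme check as well as HTML-attribute escaping.

```python
import html
from urllib.parse import urlsplit

# Constructed template: one value lands in element text, one in an attribute.
PAGE = '<p>Hello, {user}</p><a href="{link}">profile</a>'


def render_vulnerable(user, link):
    # Raw interpolation: "<script>" in user runs, and a link of
    # javascript:... or a quote-breakout in link executes on click/hover.
    return PAGE.format(user=user, link=link)


def safe_url(link):
    """Only relative or http(s) links are allowed in href; others become '#'."""
    scheme = urlsplit(link).scheme.lower()
    return link if scheme in ("", "http", "https") else "#"


def render_safe(user, link):
    # html.escape(quote=True) neutralises <, >, &, " and ' so the value can
    # neither open a tag in text context nor close the attribute it sits in.
    return PAGE.format(user=html.escape(user, quote=True),
                       link=html.escape(safe_url(link), quote=True))
```

Template engines that auto-escape (Jinja2, Django templates, React) do the same thing for the HTML context; values placed inside inline JavaScript, CSS or URLs still need their own encoder.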
4. Broken Access Control
Definition: Broken access control vulnerabilities occur when developers fail to properly
enforce restrictions on what authenticated users are allowed to do, allowing unauthorized
access to sensitive data or functionality.
5. Security Misconfiguration
6. Sensitive Data Exposure
Definition: Sensitive data exposure vulnerabilities occur when sensitive information, such as
passwords or credit card numbers, is not properly protected, allowing attackers to access or
steal the data.
7. Insufficient Logging and Monitoring
Definition: Insufficient logging and monitoring vulnerabilities occur when systems do not
properly log security-relevant events or do not monitor logs for suspicious activity, making it
difficult to detect and respond to security incidents.
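What "log it and watch it" looks like in practice, as an added example rather than anything from the original page: a structured event emitter and a small detector that flags a burst of failed logins from one source. The log lines are constructed for the demo; the field names, the five-failures-in-sixty-seconds threshold and the JSON-lines format are assumptions.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed sample log (not from the original page): one JSON object per line.
SAMPLE_LOG = """\
{"ts": "2024-05-01T10:00:00Z", "event": "login_failure", "user": "alice", "src_ip": "198.51.100.7"}
{"ts": "2024-05-01T10:00:10Z", "event": "login_failure", "user": "admin", "src_ip": "198.51.100.7"}
{"ts": "2024-05-01T10:00:15Z", "event": "login_success", "user": "carol", "src_ip": "203.0.113.5"}
{"ts": "2024-05-01T10:00:20Z", "event": "login_failure", "user": "root", "src_ip": "198.51.100.7"}
{"ts": "2024-05-01T10:00:30Z", "event": "login_failure", "user": "bob", "src_ip": "198.51.100.7"}
{"ts": "2024-05-01T10:00:40Z", "event": "login_failure", "user": "admin", "src_ip": "198.51.100.7"}
{"ts": "2024-05-01T10:01:00Z", "event": "login_failure", "user": "carol", "src_ip": "203.0.113.5"}
{"ts": "2024-05-01T10:02:30Z", "event": "login_failure", "user": "carol", "src_ip": "203.0.113.5"}
{"ts": "2024-05-01T10:04:00Z", "event": "login_failure", "user": "carol", "src_ip": "203.0.113.5"}
"""


def log_event(event, **fields):
    """Emit one security-relevant event as a JSON line with a UTC timestamp.
    Structured fields (who, from where, what) are what makes the event searchable."""
    record = {"ts": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
              "event": event, **fields}
    return json.dumps(record, sort_keys=True)


def _epoch(ts_text):
    return datetime.fromisoformat(ts_text.replace("Z", "+00:00")).timestamp()


def detect_bruteforce(lines, threshold=5, window_s=60):
    """Return (src_ip, ts) for every burst of >= threshold login failures
    from one source within window_s seconds (sliding window per IP)."""
    failures = defaultdict(deque)
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("event") != "login_failure":
            continue
        now = _epoch(ev["ts"])
        recent = failures[ev["src_ip"]]
        recent.append(now)
        while now - recent[0] > window_s:   # drop failures older than the window
            recent.popleft()
        if len(recent) >= threshold:
            alerts.append((ev["src_ip"], ev["ts"]))
            recent.clear()                  # one alert per burst
    return alerts
```

In a real deployment the events go to a central, append-only store that the application host cannot alter, and the detector runs there; a log that only lives on the compromised server is the first thing an intruder edits.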
8. Insecure Deserialization
9. XML External Entity (XXE) Injection
Definition: XXE injection vulnerabilities occur when an application parses XML input with a
parser that resolves external entities declared in the document's DTD. An attacker who controls
the XML can make the parser read local files into the document, make the server issue requests
to internal systems (a form of SSRF), or exhaust resources through entity expansion; in some
parser and runtime configurations this escalates to arbitrary code execution.
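The file-read case end to end, as an added example that is not from the original page. It uses the Python standard library's SAX parser, where a single feature flag (`feature_external_ges`) decides whether `SYSTEM` entities are fetched; the "secret" file and the XML document are constructed for the demo.

```python
import io
import tempfile
import xml.sax
from pathlib import Path
from xml.sax.handler import ContentHandler, feature_external_ges


class TextCollector(ContentHandler):
    """Collects character data so we can see what the entity expanded to."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)


def parse_text(xml_bytes, resolve_external_entities):
    parser = xml.sax.make_parser()
    # This flag is the whole difference between the vulnerable and the safe parser:
    # True makes the parser fetch whatever SYSTEM identifier the document names.
    parser.setFeature(feature_external_ges, resolve_external_entities)
    handler = TextCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_bytes))
    return "".join(handler.parts)


def demo():
    # Constructed "secret" file standing in for /etc/passwd or an app config.
    with tempfile.TemporaryDirectory() as d:
        secret = Path(d) / "secret.txt"
        secret.write_text("TOP-SECRET-TOKEN")
        payload = (
            '<?xml version="1.0"?>'
            '<!DOCTYPE order [<!ENTITY xxe SYSTEM "%s">]>'
            '<order><note>&xxe;</note></order>' % secret.as_uri()
        ).encode()
        return {"vulnerable": parse_text(payload, True),   # file content leaks into <note>
                "safe": parse_text(payload, False)}        # entity is skipped, nothing leaks
```

Newer Python versions default this flag to off, which is why the safe call returns nothing; many other XML stacks (older Java and PHP parsers, libxml2 with `NOENT`) default to resolving. The reliable fix is the same everywhere: disable DTD processing or external entity resolution at the parser, or use a hardened wrapper such as `defusedxml`.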
10. Broken Function Level Authorization
Definition: Broken function level authorization vulnerabilities arise when applications fail to
properly enforce access controls on individual functions or endpoints, allowing unauthorized
access to restricted functionality.
11. Insecure Direct Object Reference (IDOR)
Definition: Insecure direct object reference vulnerabilities occur when applications expose
internal objects such as files or database records without proper authorization, allowing
attackers to access sensitive data.
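Items 4, 10 and 11 are the same failure at two granularities: an object the caller does not own (IDOR) and a function the caller's role does not include (function-level authorization). One added example covers both; it is not code from the original page, and the users, documents and role names are constructed.

```python
from dataclasses import dataclass
from functools import wraps


@dataclass(frozen=True)
class User:
    id: int
    role: str          # "user" or "admin" (assumed role model)


# Constructed sample data: two users' private documents keyed by a guessable id.
DOCUMENTS = {
    101: {"owner": 1, "body": "alice's tax return"},
    102: {"owner": 2, "body": "bob's medical record"},
}


class Forbidden(Exception):
    """Would map to HTTP 403 in a real handler."""


# --- Vulnerable: the caller is authenticated, but nothing is authorised -------
def get_document_vulnerable(current_user, doc_id):
    # Any logged-in user reads any document by changing doc_id in the URL (IDOR).
    return DOCUMENTS[doc_id]["body"]


def delete_user_vulnerable(current_user, target_user_id):
    # Admin-only operation reachable by everyone (broken function-level authorization).
    return "deleted user %d" % target_user_id


# --- Hardened: deny by default, check ownership and role on every call ---------
def require_role(role):
    def decorator(fn):
        @wraps(fn)
        def wrapper(current_user, *args, **kwargs):
            if current_user.role != role:
                raise Forbidden("%s requires role %r" % (fn.__name__, role))
            return fn(current_user, *args, **kwargs)
        return wrapper
    return decorator


def get_document_safe(current_user, doc_id):
    doc = DOCUMENTS.get(doc_id)
    # A missing document and someone else's document look identical to the caller,
    # so the endpoint cannot be used to enumerate which ids exist.
    if doc is None or (doc["owner"] != current_user.id and current_user.role != "admin"):
        raise Forbidden("no such document or not yours")
    return doc["body"]


@require_role("admin")
def delete_user_safe(current_user, target_user_id):
    return "deleted user %d" % target_user_id


def is_denied(fn, *args):
    """True if fn raises Forbidden for these arguments (used in the demo)."""
    try:
        fn(*args)
    except Forbidden:
        return True
    return False


def demo():
    alice, bob, admin = User(1, "user"), User(2, "user"), User(9, "admin")
    return {
        "idor_vulnerable": get_document_vulnerable(alice, 102),
        "idor_safe_own": get_document_safe(alice, 101),
        "idor_safe_other_denied": is_denied(get_document_safe, alice, 102),
        "idor_safe_admin": get_document_safe(admin, 102),
        "bfla_vulnerable": delete_user_vulnerable(bob, 1),
        "bfla_safe_user_denied": is_denied(delete_user_safe, bob, 1),
        "bfla_safe_admin": delete_user_safe(admin, 1),
    }
```

The check belongs in the data-access or service layer, not only in the UI that hides the button: an attacker calling the API directly never sees the UI.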
12. Cross-Site Request Forgery (CSRF)
Definition: CSRF vulnerabilities occur when attackers trick authenticated users into
unknowingly submitting malicious requests, leading to unauthorized actions being performed
on behalf of the victim.
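Why the session cookie alone is not enough, and the synchronizer-token fix, as an added example (not from the original page). The money-transfer handler, the session id and the form fields are constructed; the server secret is assumed to live in a secret store rather than in code.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-deployment secret kept outside the code base (vault, env var).
SERVER_SECRET = secrets.token_bytes(32)


def csrf_token(session_id, secret=SERVER_SECRET):
    """Token bound to the session: HMAC(secret, session id). A cross-site page
    cannot read it, because the same-origin policy hides our responses from it."""
    return hmac.new(secret, b"csrf:" + session_id.encode(), hashlib.sha256).hexdigest()


def transfer_vulnerable(form, session_id):
    # Trusts the session cookie alone; the browser attaches that cookie to a
    # form POST from any site, so an attacker's page can trigger this transfer.
    return "transferred %s to %s" % (form["amount"], form["to"])


def transfer_safe(form, session_id, secret=SERVER_SECRET):
    expected = csrf_token(session_id, secret)
    # Constant-time compare of the token embedded in our own form with the
    # one derived from the session; a forged cross-site form cannot supply it.
    if not hmac.compare_digest(expected, form.get("csrf_token", "")):
        raise PermissionError("missing or invalid CSRF token")
    return "transferred %s to %s" % (form["amount"], form["to"])


def rejects(handler, form, session_id):
    """True if the handler refuses the request (used in the demo below)."""
    try:
        handler(form, session_id)
    except PermissionError:
        return True
    return False


def demo():
    session = "sess-7c1b"                          # victim's session id (constructed)
    forged = {"amount": "1000", "to": "attacker"}  # form an attacker's page auto-submits
    legit = dict(forged, to="landlord", csrf_token=csrf_token(session))
    return {
        "forged_vs_vulnerable": rejects(transfer_vulnerable, forged, session),
        "forged_vs_safe": rejects(transfer_safe, forged, session),
        "legit_vs_safe": rejects(transfer_safe, legit, session),
        "wrong_session_vs_safe": rejects(transfer_safe, legit, "sess-other"),
    }
```

Marking the session cookie `SameSite=Lax` or `Strict` is a second, independent layer: the browser then does not send it on cross-site POSTs at all.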
13. Vulnerable and Outdated Components
Definition: This vulnerability arises when applications use outdated or vulnerable third-party
components, libraries, or frameworks, making them susceptible to exploitation by attackers.
14. Unvalidated Redirects and Forwards
Definition: Unvalidated redirects and forwards vulnerabilities occur when applications redirect
or forward users to destinations taken from user-supplied input (for example a ?next=
parameter) without checking them, letting an attacker craft a link on the trusted site that lands
users on a phishing page or other malicious destination.
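A validator for a `?next=` parameter, as an added example that is not from the original page. The site origin is an assumption; the interesting part is the set of inputs that look like local paths but are not (protocol-relative `//host`, backslash variants, `javascript:` URLs).

```python
from urllib.parse import urljoin, urlsplit

SITE_ORIGIN = "https://app.example.com"   # assumption: the application's own origin


def redirect_vulnerable(next_url):
    # Sends the browser wherever ?next= says, including to a phishing site.
    return next_url


def safe_redirect_target(next_url, default="/"):
    """Allow only same-origin, path-only targets; anything else falls back to default."""
    if not next_url:
        return default
    # Browsers treat "/\evil.example" like "//evil.example", so normalise first.
    candidate = next_url.replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        return default          # absolute URL, or protocol-relative "//evil.example"
    if not candidate.startswith("/") or candidate.startswith("//"):
        return default          # must be an absolute path within this site
    # Resolve against our origin and confirm the host did not change.
    resolved = urlsplit(urljoin(SITE_ORIGIN + "/", candidate))
    if resolved.netloc != urlsplit(SITE_ORIGIN).netloc:
        return default
    return resolved.path + ("?" + resolved.query if resolved.query else "")
```

Where a redirect to another site is a genuine requirement, keep a server-side allow-list of destinations and pass an index or name, not the URL itself.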
15. Insecure File Upload
Definition: Insecure file upload vulnerabilities occur when applications allow users to upload
files without proper validation, leading to the execution of malicious code or the uploading of
malware-infected files.
17. Server-Side Request Forgery (SSRF)
Definition: SSRF vulnerabilities occur when an application fetches a URL or connects to a host
supplied by the user without validating it, letting attackers make the server issue requests on
their behalf to internal or external resources, such as services behind the firewall or cloud
metadata endpoints, and so expose sensitive data or services to exploitation.
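An outbound-URL check of the kind a webhook or "fetch this image" feature needs, as an added example that is not from the original page. DNS is replaced by a constructed lookup table so the code runs offline; the partner hostname and addresses are made up.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed name table so the example runs offline (not real DNS data);
# a real service would resolve with socket.getaddrinfo.
FAKE_DNS = {
    "api.partner.example": "8.8.8.8",
    "metadata.google.internal": "169.254.169.254",
    "localtest.me": "127.0.0.1",
}


def fake_resolver(host):
    if host not in FAKE_DNS:
        raise socket.gaierror("cannot resolve %s" % host)
    return FAKE_DNS[host]


def is_public_address(ip_text):
    ip = ipaddress.ip_address(ip_text)
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def fetch_vulnerable(url):
    # What an SSRF-prone handler does: hands the user's URL straight to the HTTP client.
    return "GET " + url


def check_outbound_url(url, resolver=fake_resolver):
    """Return (allowed, detail). Only http(s) to publicly routable addresses passes."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme %r not allowed" % parts.scheme   # no file:, gopher:, ftp:
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        ip_text = str(ipaddress.ip_address(host))   # literal IPv4/IPv6 host
    except ValueError:
        try:
            ip_text = resolver(host)                  # hostname: resolve, then check
        except socket.gaierror as exc:
            return False, str(exc)
    if not is_public_address(ip_text):
        return False, "%s resolves to non-public address %s" % (host, ip_text)
    return True, ip_text
```

Two caveats a validator alone does not cover: the HTTP client must connect to the address that was checked (pin it, or re-check at connect time, otherwise a DNS answer that changes between check and connect bypasses the filter), and it must not follow redirects to unchecked locations.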
18. Improper Input Validation
Definition: Improper input validation vulnerabilities occur when applications fail to properly
validate and sanitize user input, allowing attackers to inject malicious code or bypass security
controls.
19. Cryptographic Issues
Definition: Cryptographic issues arise when applications use weak or insecure cryptographic
algorithms, improper key management, hard-coded or predictable keys, or other cryptographic
flaws, making them susceptible to attacks such as brute force, key recovery, or forgery and
tampering of protected data.
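Items 6 and 19 meet in password storage, the most common place both go wrong. The added example below (not code from the original page) puts an unsalted fast hash beside a salted, memory-hard one with constant-time verification. The scrypt parameters are an assumption to be tuned per server.

```python
import base64
import hashlib
import hmac
import os

# scrypt work factors; assumption: tuned so one hash takes roughly 100 ms on the
# login servers, and raised over time as hardware gets faster.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def hash_password_vulnerable(password):
    # Unsalted, fast hash: equal passwords give equal hashes (visible in a
    # leaked table) and GPUs can test billions of guesses per second.
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password, salt=None):
    """Salted, memory-hard hash in a self-describing format that records its parameters."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    b64 = lambda b: base64.b64encode(b).decode()
    return "scrypt$%d$%d$%d$%s$%s" % (SCRYPT_N, SCRYPT_R, SCRYPT_P, b64(salt), b64(digest))


def verify_password(password, stored):
    algo, n, r, p, salt_b64, digest_b64 = stored.split("$")
    if algo != "scrypt":
        raise ValueError("unknown hash format")
    expected = base64.b64decode(digest_b64)
    actual = hashlib.scrypt(password.encode(), salt=base64.b64decode(salt_b64),
                            n=int(n), r=int(r), p=int(p), dklen=len(expected))
    # Constant-time comparison; a plain "==" leaks how many leading bytes matched.
    return hmac.compare_digest(actual, expected)


def demo():
    h1, h2 = hash_password("hunter2"), hash_password("hunter2")
    return {
        "md5_identical_for_same_password":
            hash_password_vulnerable("hunter2") == hash_password_vulnerable("hunter2"),
        "scrypt_differs_for_same_password": h1 != h2,
        "verify_correct": verify_password("hunter2", h1) and verify_password("hunter2", h2),
        "verify_wrong": verify_password("hunter3", h1),
    }
```

Storing the parameters with the hash is what lets you raise the work factor later and re-hash each user on their next successful login.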
20. Insecure API
Definition: Insecure API vulnerabilities occur when APIs are not properly secured, allowing
attackers to access sensitive data, execute unauthorized actions, or manipulate the
application's behavior.
21. Path Traversal
Definition: Path traversal vulnerabilities occur when applications allow attackers to access
files or directories outside of the intended directory structure, potentially exposing sensitive
information or system files.
22. Insecure Mobile Applications
Definition: Insecure mobile application vulnerabilities arise when mobile apps fail to
implement secure coding practices, leaving them susceptible to various types of attacks such
as data leakage, unauthorized access, or tampering.
23. Insufficient Transport Layer Protection
Definition: Insufficient transport layer protection vulnerabilities occur when applications fail
to adequately encrypt data transmitted over the network, leaving it vulnerable to interception
or tampering.
25. Race Conditions
Definition: Race condition vulnerabilities occur when multiple processes or threads access a
shared resource concurrently and the outcome depends on their timing. The classic security
case is time-of-check to time-of-use (TOCTOU): a check (of a balance, a permission, a file) and
the action that relies on it are not performed atomically, so a second request that slips in
between can bypass the check.
27. Clickjacking
Definition: Clickjacking vulnerabilities occur when an attacker loads a target site in an
invisible or disguised frame on a page they control, so that users who believe they are clicking
the attacker's page actually click buttons on the target site, triggering unintended actions. Sites
prevent this by refusing to be framed, via the X-Frame-Options header or the Content-Security-
Policy frame-ancestors directive.
28. Security Through Obscurity
Definition: Security through obscurity vulnerabilities occur when security mechanisms rely
on secrecy or concealment rather than proper security controls, making them susceptible to
exploitation once discovered.
29. DNS Spoofing
Definition: DNS spoofing vulnerabilities occur when attackers inject forged DNS responses, for
example by poisoning a resolver's cache, so that a hostname resolves to an attacker-controlled
address, redirecting users to malicious websites or servers and enabling phishing or
interception of traffic.
HANIM EKEN