| Category | OWASP | CWE | WASC |
|---|---|---|---|
| Broken Access Control | A1:2021, API1:2019, API5:2019 | CWE-22, CWE-285, CWE-639, CWE-918 | WASC-02, WASC-09, WASC-16 |
| Broken Anti-Automation | OWASP-AT-004, API4:2019, OWASP-AT-010, OAT-009, OAT-015, OAT-008 | CWE-362 | WASC-11, WASC-21 |
| Broken Authentication | A7:2021, API2:2019, P6:2021 | CWE-287, CWE-352 | WASC-01, WASC-49 |
| Cross Site Scripting (XSS) | A3:2021, A7:2017 | CWE-79 | WASC-8 |
| Cryptographic Issues | A2:2021 | CWE-326, CWE-327, CWE-328, CWE-950 | - |
| Improper Input Validation | ASVS V5, API6:2019 | CWE-20 | WASC-20 |
| Injection | A3:2021, API8:2019, P1:2021 | CWE-74, CWE-89 | WASC-19, WASC-28, WASC-31 |
| Insecure Deserialization | A8:2021, A8:2017 | CWE-502 | - |
| Miscellaneous | P5:2021 | - | - |
| Security Misconfiguration | A5:2021, A9:2021, API7:2019, API9:2019, API10:2019 | CWE-209 | WASC-14, WASC-15 |
| Security through Obscurity | A4:2021, P5:2021 | CWE-656 | - |
| Sensitive Data Exposure | A3:2017, API3:2019, OTG-CONFIG-004, P2:2021 | CWE-200, CWE-530, CWE-548 | WASC-13 |
| Unvalidated Redirects | A10:2013 | CWE-601 | WASC-38 |
| Vulnerable Components | A6:2021 | CWE-829, CWE-506, CWE-1104 | - |
| XML External Entities (XXE) | A5:2021, A4:2017 | CWE-611 | WASC-43 |