The 100
I have come across a comprehensive categorization of 100 web vulnerabilities. It broadly covers a range of vulnerabilities that are recognized in web applications and related technologies. The categories and some key vulnerabilities are:
Injection Vulnerabilities
This category includes various types of injection flaws where untrusted data is sent to an interpreter as part of a command or query, like SQL, XML, or code injections. These are common and dangerous vulnerabilities.
- SQL Injection (SQLi)
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Remote Code Execution (RCE)
- Command Injection
- XML Injection
- LDAP Injection
- XPath Injection
- HTML Injection
- Server-Side Includes (SSI) Injection
- OS Command Injection
- Blind SQL Injection
- Server-Side Template Injection (SSTI)
Broken Authentication and Session Management
These vulnerabilities are related to flaws in authentication and session management functions, making it possible to compromise passwords, keys, or session tokens.
- Session Fixation
- Brute Force Attack
- Session Hijacking
- Password Cracking
- Weak Password Storage
- Insecure Authentication
- Cookie Theft
- Credential Reuse
Sensitive Data Exposure
Involves improper protection of sensitive data, like personal information, leading to risks of data theft.
- Inadequate Encryption
- Insecure Direct Object References (IDOR)
- Data Leakage
- Unencrypted Data Storage
- Missing Security Headers
- Insecure File Handling
Security Misconfiguration
Commonly occurs due to insecure default configurations, incomplete or ad hoc configurations, open cloud storage, misconfigured HTTP headers, and verbose error messages containing sensitive information.
- Default Passwords
- Directory Listing
- Unprotected API Endpoints
- Open Ports and Services
- Improper Access Controls
- Information Disclosure
- Unpatched Software
- Misconfigured CORS
- HTTP Security Headers Misconfiguration
XML-Related Vulnerabilities
Specific to the handling of XML data and can lead to significant security issues.
- XML External Entity (XXE) Injection
- XML Entity Expansion (XEE)
- XML Bomb
Broken Access Control
This category includes vulnerabilities where restrictions on what authenticated users are allowed to do are not properly enforced.
- Inadequate Authorization
- Privilege Escalation
- Insecure Direct Object References
- Forceful Browsing
- Missing Function-Level Access Control
Insecure Deserialization
This can lead to remote code execution, replay attacks, injection attacks, and privilege escalation attacks.
- Remote Code Execution via Deserialization
- Data Tampering
- Object Injection
API Security Issues
Pertains to vulnerabilities specifically in API (Application Programming Interface) implementations.
- Insecure API Endpoints
- API Key Exposure
- Lack of Rate Limiting
- Inadequate Input Validation
Insecure Communication
Relates to vulnerabilities where data in transit is not adequately secured, allowing attackers to intercept or modify data.
- Man-in-the-Middle (MITM) Attack
- Insufficient Transport Layer Security
- Insecure SSL/TLS Configuration
- Insecure Communication Protocols
Client-Side Vulnerabilities
Focuses on vulnerabilities that exist in the client-side code of web applications.
- DOM-based XSS
- Insecure Cross-Origin Communication
- Browser Cache Poisoning
- Clickjacking
- HTML5 Security Issues
Denial of Service (DoS)
These attacks aim to make a machine or network resource unavailable to its intended users.
- Distributed Denial of Service (DDoS)
- Application Layer DoS
- Resource Exhaustion
- Slowloris Attack
- XML Denial of Service
Other Web Vulnerabilities
A broad category covering various other types of vulnerabilities.
- Server-Side Request Forgery (SSRF)
- HTTP Parameter Pollution (HPP)
- Insecure Redirects and Forwards
- File Inclusion Vulnerabilities
- Security Header Bypass
- Clickjacking
- Inadequate Session Timeout
- Insufficient Logging and Monitoring
- Business Logic Vulnerabilities
- API Abuse
Mobile Web Vulnerabilities
Specific to web applications running on mobile devices.
- Insecure Data Storage on Mobile Devices
- Insecure Data Transmission on Mobile Devices
- Insecure Mobile API Endpoints
- Mobile App Reverse Engineering
IoT Web Vulnerabilities
Related to the unique security challenges posed by Internet of Things (IoT) devices.
- Insecure IoT Device Management
- Weak Authentication on IoT Devices
- IoT Device Vulnerabilities
Web of Things (WoT) Vulnerabilities
Focuses on vulnerabilities in the Web of Things, which extends the IoT with web technologies.
- Unauthorized Access to Smart Homes
- IoT Data Privacy Issues
Authentication Bypass
Concerns vulnerabilities that allow attackers to bypass authentication mechanisms.
- Insecure “Remember Me” Functionality
- CAPTCHA Bypass
Server-Side Request Forgery (SSRF)
Involves sending forged requests from a vulnerable server to another system.
- Blind SSRF
- Time-Based Blind SSRF
Content Spoofing
Refers to the ability of an attacker to create a piece of content on a website that is not part of the original site.
- MIME Sniffing
- X-Content-Type-Options Bypass
- Content Security Policy (CSP) Bypass
Business Logic Flaws
Involves exploiting the legitimate processing flows of an application to achieve a malicious outcome.
- Inconsistent Validation
- Race Conditions
- Order Processing Vulnerabilities
- Price Manipulation
- Account Enumeration
- User-Based Flaws
Zero-Day Vulnerabilities
Refers to vulnerabilities that are unknown to the parties responsible for patching or fixing the flaw.
- Unknown Vulnerabilities
- Unpatched Vulnerabilities
- Day-Zero Exploits